Mobile Threat Catalogue

Improperly Vetted or Untested Malicious Microelectronics


Threat Category: Supply Chain


Threat Description: An adversary with access to the hardware commodity procurement process can insert improperly vetted or untested malicious critical microelectronics components into the system during development.1

Threat Origin

Supply Chain Attack Framework and Attack Patterns 1

Exploit Examples

Not Applicable

CVE Examples

Not Applicable

Possible Countermeasures


Require that hardware components be tested for correct functionality and normal operation, and that the output of automated testing processes be digitally signed by the component that performed the test, and that the results are verified prior to acceptance of the tested component into the next stage of procurement, development, or deployment to reduce the likelihood an adversary can successfully introduce a malicious component that is not detected prior to use in production


  1. J.F. Miller, “Supply Chain Attack Framework and Attack Patterns”, tech. report, MITRE, Dec. 2013;  2