This category includes threats related to the device and component supply chain. To the extent that they are included, software supply chain related threats are noted within the Vulnerable Applications category.
- An adversary with access to open source code and knowledge of its particular use for the system being acquired can insert malicious code into open source software used for libraries.
- A hardware or firmware component can be intercepted by an adversary while in transit between supplier and acquirer, for the purpose of substitution or manipulation. Vulnerabilities: The distribution channels are susceptible to hardware or firmware
- Adversarial supply chain distribution channel personnel (e.g., packaging, shipping, receiving, or transfer) can intercept and replace legitimate critical hardware components with malicious ones.
- An adversary with access to software processes and tools within the development or software support environment can insert malicious software into components during development or update/maintenance.
- A software or firmware programmer with access to the configuration control system can introduce malicious logic into software or microelectronics during coding and/or logic-bearing component development or update/maintenance.
- An adversary with access to hardware procurement, maintenance, or upgrade control can embed malware in a critical component.
- An adversary with access to the hardware commodity procurement process can insert improperly vetted or untested malicious critical microelectronics components into the system during development.
- An adversary with access to production component supplier shipping channels during transfer of system components can substitute a maliciously altered hardware component for a tested and approved component.
- An adversary with access to supplier shipping channels during transfer of system components can substitute a counterfeit firmware component for an authentic component.
- An adversary with access privileges within the software development environment and to associated tools, including the software unit/component test system and the software configuration management system, can hide malicious code in custom software.
- An adversary with access to 3rd party bundling processes and tools can implant malicious software in a system during the hardware-software integration phase.
- An adversary with access to download and update system software installs a BIOS containing known vulnerabilities for future exploitation.
- An automated software update/patch downloader/installer can be corrupted to download malicious code and apply it to systems being sustained.
- The design and manufacture of critical hardware at targeted suppliers can be compromised.
- A counterfeit hardware component can be implanted in a system being acquired.
- Unsecured, potentially malicious 3rd party components of a technology or code-base can be packaged with a product before shipment to an acquirer.
- A gray market adversary can exploit an obsolescence program to introduce replacement hardware with malware incorporated.
- An adversary with access to critical components as they are being integrated into the acquired system can insert maliciously altered hardware or firmware into the system.
- An adversary with access to software being integrated into a system during a subassembly manufacturing process can embed malware into a sub-assembly.
- An adversary with access to critical components during packaging and distribution can substitute a malicious component for a legitimate component.
- An adversary with access to a software support activity can substitute malicious software for a legitimate component during a software upgrade.
- Low-level backdoor inadvertently left by a firmware developer.