CAPEC-520

Detailed Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Draft MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: Low Severity: High
Counterfeit Hardware Component Inserted During Product Assembly

Description

An adversary with either direct access to the product assembly process or to the supply of subcomponents used in the product assembly process introduces counterfeit hardware components into product assembly. The assembly containing the counterfeit components results in a system specifically designed for malicious purposes.

Prerequisites

The adversary will need either physical access or be able to supply malicious hardware components to the product development facility.

Mitigations

Hardware attacks are often difficult to detect, as inserted components can be difficult to identify or remain dormant for an extended period of time.

Acquire hardware and hardware components from trusted vendors. Additionally, determine where vendors purchase components or if any components are created/acquired via subcontractors to determine where supply chain risks may exist.

Skills Required

[High] Resources to maliciously construct components used by the manufacturer.

[High] Resources to physically infiltrate manufacturer or manufacturer's supplier.