CAPEC-521

Detailed Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Draft MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: Low Severity: High
Hardware Design Specifications Are Altered

Description

An attacker with access to a manufacturer's hardware manufacturing process documentation alters the design specifications, which introduces flaws advantageous to the attacker once the system is deployed.

Prerequisites

Advanced knowledge of hardware capabilities of a manufacturer's product.

Access to the manufacturer's documentation.

Mitigations

Digitize documents and cryptographically sign them to verify authenticity.

Password protect documents and make them read-only for unauthorized users.

Avoid emailing important documents and configurations.

Ensure deleted files are actually deleted.

Maintain backups of the document for recovery and verification.

Separate need-to-know information from system configuration information depending on the user.

Skills Required

[High] Ability to read, interpret, and subsequently alter manufacturer's documentation to cause errors in design specifications.

[High] Ability to stealthly gain access via remote compromise or physical access to the manufacturer's documentation.