CAPEC-531

Detailed Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Draft MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: Low Severity: High
Hardware Component Substitution

Description

An attacker substitutes out a tested and approved hardware component for a maliciously-altered hardware component. This type of attack is carried out directly on the system, enabling the attacker to then cause disruption or additional compromise.

Prerequisites

Physical access to the system or the integration facility where hardware components are kept.

Skills Required

[High] Able to develop and manufacture malicious system components that perform the same functions and processes as their non-malicious counterparts.