CAPEC-520: Counterfeit Hardware Component Inserted During Product Assembly
Detailed
Draft
严重程度: High
攻击可能性: Low
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
An adversary with either direct access to the product assembly process or to the supply of subcomponents used in the product assembly process introduces counterfeit hardware components into product assembly. The assembly containing the counterfeit components results in a system specifically designed for malicious purposes.
前提条件
- The adversary will need either physical access or be able to supply malicious hardware components to the product development facility.
所需技能
High
Resources to maliciously construct components used by the manufacturer.
High
Resources to physically infiltrate manufacturer or manufacturer's supplier.
缓解措施
Hardware attacks are often difficult to detect, as inserted components can be difficult to identify or remain dormant for an extended period of time.
Acquire hardware and hardware components from trusted vendors. Additionally, determine where vendors purchase components or if any components are created/acquired via subcontractors to determine where supply chain risks may exist.
分类映射
| 分类名称 | 条目ID | 条目名称 |
|---|---|---|
| ATTACK | 1195.003 | Supply Chain Compromise: Compromise Hardware Supply Chain |