CAPEC-522 Malicious Hardware Component Replacement

CAPEC ID: 522

CAPEC-522 Metadata

Likelihood of Attack

Low

Typical Severity

High

Overview

Summary

An adversary replaces legitimate hardware in the system with faulty, counterfeit, or tampered hardware in the supply chain distribution channel, with the purpose of causing malicious disruption or allowing for additional compromise when the system is deployed.

Prerequisites

Physical access to the system after it has left the manufacturer but before it is deployed at the victim location.

Execution Flow

Step Phase Description Techniques
1 Explore [Determine Target Hardware] The adversary must first identify a system that they wish to target, and a specific hardware component that they can swap out with a malicious replacement.
  • Look for datasheets containing the system schematics that can help identify possible target hardware.
  • Procure a system and inspect it manually, looking for possible hardware component targets. Search for manufacturer IDs on hardware chips or FCC IDs on wireless chips to determine their functionality.
2 Explore [Discover Vulnerability in Supply Chain] The adversary maps out the supply chain for the targeted system. They look for opportunities to gain physical access to the system after it has left the manufacturer, but before it is deployed to the victim.
  • Procure a system and observe the steps it takes in the shipment process.
  • Identify possible warehouses where systems are stored after manufacturing.
3 Exploit [Substitute Components in the Supply Chain] Using the vulnerability in the supply chain of the system discovered in the explore phase, the adversary substitutes the malicious component for the targeted component. This results in the adversary gaining unintended access to systems once they reach the victim and can lead to a variety of follow-up attacks.

Potential Solutions / Mitigations

  • Ensure that all contractors and sub-suppliers use trusted means of shipping (e.g., bonded/cleared/vetted and insured couriers) to ensure that components, once purchased, are not subject to compromise during their delivery.
  • Prevent or detect tampering with critical hardware or firmware components while in transit through use of state-of-the-art anti-tamper devices.
  • Use tamper-resistant and tamper-evident packaging when shipping critical components (e.g., plastic coating for circuit boards, tamper tape, paint, sensors, and/or seals for cases and containers) and inspect received system components for evidence of tampering.

Related CAPECs

CAPEC ID Description
CAPEC-439 An attacker undermines the integrity of a product, software, or technology at some stage of the distribution channel. The core threat of modification or manipulation during distribution arises from the many stages of distribution, as a product may traverse multiple suppliers and integrators as the final asset is delivered. Components and services provided from a manufacturer to a supplier may be tampered with during integration or packaging.

Taxonomy Mappings

Taxonomy: ATT&CK

Entry ID Entry Name
1195.003 Supply Chain Compromise: Compromise Hardware Supply Chain
