SPC-7 · Mobile Threat Catalogue
Archived: 2026-04-05 21:45:29 UTC
Mobile Threat Catalogue
Hardware Component Substitution During Transfer
Contribute
Threat Category: Supply Chain
ID: SPC-7
Threat Description: An adversary with access to production component supplier shipping channels during
transfer of system components can substitute a maliciously altered hardware component for a tested and approved
component.1
Threat Origin
Supply Chain Attack Framework and Attack Patterns 1
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
Enterprise
Test systems that contain newly integrated or updated components to detect incorrect function or anomalous
behavior prior to production use
References
1. J.F. Miller, “Supply Chain Attack Framework and Attack Patterns”, tech. report, MITRE, Dec. 2013;
www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf ↩ ↩2
Source: https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-7.html
https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-7.html
Page 1 of 1