SPC-17 · Mobile Threat Catalogue
Archived: 2026-04-05 20:27:23 UTC
Mobile Threat Catalogue
Malicious Hardware or Firmware Inserted During Integration
Contribute
Threat Category: Supply Chain
ID: SPC-17
Threat Description: An adversary with access to critical components as they are being integrated into the
acquired system can insert maliciously altered hardware or firmware into the system.1
Threat Origin
Supply Chain Attack Framework and Attack Patterns 1
Exploit Examples
CVE Examples
Possible Countermeasures
References
1. J.F. Miller, “Supply Chain Attack Framework and Attack Patterns”, tech. report, MITRE, Dec. 2013;
www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf ↩ ↩2
Source: https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-17.html
https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-17.html
Page 1 of 1