{
	"id": "e88f6ff7-86ef-496e-b3ce-de7c995927ac",
	"created_at": "2026-04-06T00:12:48.671968Z",
	"updated_at": "2026-04-10T03:20:00.607439Z",
	"deleted_at": null,
	"sha1_hash": "efe9f91d2378eb9d27e2facb3afaf19b3ca7902b",
	"title": "SPC-8 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43074,
	"plain_text": "SPC-8 · Mobile Threat Catalogue\r\nArchived: 2026-04-05 23:19:16 UTC\r\nMobile Threat Catalogue\r\nFirmware Component Substitution During Transfer\r\nContribute\r\nThreat Category: Supply Chain\r\nID: SPC-8\r\nThreat Description: An adversary with access to supplier shipping channels during transfer of system\r\ncomponents can substitute a counterfeit firmware component for an authentic component.1\r\nThreat Origin\r\nSupply Chain Attack Framework and Attack Patterns 1\r\nExploit Examples\r\nNot Applicable\r\nCVE Examples\r\nNot Applicable\r\nPossible Countermeasures\r\nEnterprise\r\nRequire firmware to be digitally signed by a trusted developer and the signature verified prior to the component\r\nbeing integrated into a larger system\r\nEmploy software integrity verification checks on installed firmware, which can be validated against a known-good\r\nvalue (e.g. brute-force resistant cryptographic hash of firmware image) to detect any modification to firmware\r\nObtain device measurements for comparison to normal ranges (e.g., temperature, timing, EM radiation, power\r\nconsumption) to detect anomalous behavior.\r\nReferences\r\n1. J.F. Miller, “Supply Chain Attack Framework and Attack Patterns”, tech. report, MITRE, Dec. 2013;\r\nwww.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf ↩ ↩2\r\nhttps://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-8.html\r\nPage 1 of 2\n\nSource: https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-8.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-8.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-8.html"
	],
	"report_names": [
		"SPC-8.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434368,
	"ts_updated_at": 1775791200,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/efe9f91d2378eb9d27e2facb3afaf19b3ca7902b.pdf",
		"text": "https://archive.orkl.eu/efe9f91d2378eb9d27e2facb3afaf19b3ca7902b.txt",
		"img": "https://archive.orkl.eu/efe9f91d2378eb9d27e2facb3afaf19b3ca7902b.jpg"
	}
}