CAPEC-520: Counterfeit Hardware Component Inserted During Product Assembly

Description

An adversary with either direct access to the product assembly process or to the supply of subcomponents used in the product assembly process introduces counterfeit hardware components into product assembly. The assembly containing the counterfeit components results in a system specifically designed for malicious purposes.

Extended Description

WS-Addressing is used to virtualize services, provide return addresses and other routing information, however, unless the WS-Addressing headers are protected they are vulnerable to rewriting. Content in a registry is deployed by the service provider. The registry in an SOA or Web Services system can be accessed by the service requester via UDDI or other protocol.

Severity :

High

Possibility :

Low

Type :

Detailed

Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-444: Development Alteration Development Alteration

Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

The adversary will need either physical access or be able to supply malicious hardware components to the product development facility.

Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

High Resources to maliciously construct components used by the manufacturer.
High Resources to physically infiltrate manufacturer or manufacturer's supplier.

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

ATTACK | Supply Chain Compromise: Compromise Hardware Supply Chain

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

Visit http://capec.mitre.org/ for more details.