CAPEC-455 - Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components

An attacker produces counterfeit hardware components which are included in product assembly during some portion of the supply chain lifecycle. The production of products containing counterfeit components such as counterfeit routers, switches, Ethernet, as well as WAN (Wide Area Networking) cards results in the acquirer obtaining a device specifically designed for malicious purposes. The problem of counterfeit hardware is not limited to small or "one-off" vendors, but has included major trusted suppliers, such as Cisco. There are billions of transistors in a single integrated circuit and researchers have shown that fewer than 10 transistors are required to create malicious functionality, such as keylogging or password theft.

Severity

Likelihood

Confidentiality

Integrity

Availability