CAPEC-535 - Malicious Gray Market Hardware

An attacker maliciously alters hardware components that will be sold on the gray market, allowing for victim disruption and compromise when the victim needs replacement hardware components for systems where the parts are no longer in regular supply from original suppliers, or where the hardware components from the attacker seems to be a great benefit from a cost perspective.

Severity

Likelihood

Confidentiality

Integrity

Availability

High level: Able to develop and manufacture malicious hardware components that perform the same functions and processes as their non-malicious counterparts.

Physical access to a gray market reseller's hardware components supply, or the ability to appear as a gray market reseller to the victim's buyer.