Home > CAPEC List > CAPEC-535: Malicious Gray Market Hardware (Version 2.11)  

CAPEC-535: Malicious Gray Market Hardware

Malicious Gray Market Hardware
Definition in a New Window Definition in a New Window
Attack Pattern ID: 535
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An attacker maliciously alters hardware components that will be sold on the gray market, allowing for victim disruption and compromise when the victim needs replacement hardware components for systems where the parts are no longer in regular supply from original suppliers, or where the hardware components from the attacker seems to be a great benefit from a cost perspective.

+ Attack Prerequisites
  • Physical access to a gray market reseller's hardware components supply, or the ability to appear as a gray market reseller to the victim's buyer.

+ Typical Severity


+ Typical Likelihood of Exploit

Likelihood: Low

The nature of these type of attacks involve a coordinated effort between well-funded multiple attackers, and sometimes require physical access to successfully complete an attack. As a result these types of attacks are not launched on a large scale against any potential victim, but are typically highly targeted against victims who are often targeted and may have rather sophisticated cyber defenses already in place.

+ Examples-Instances


An attacker develops co-processor boards with malicious capabilities that are technically the same as a manufacturer's expensive upgrade to their flagship system. The victim has installed the manufacturer's base system without the expensive upgrade. The attacker contacts the victim and states they have the co-processor boards at a drastically-reduced price, falsely stating they were acquired from a bankruptcy liquidation of a company that had purchased them from the manufacturer. The victim after hearing the drastically reduced price decides to take advantage of the situation and purchases the upgrades from the attacker, and installs them. This allows the attacker to further compromise the victim.

+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: High

Able to develop and manufacture malicious hardware components that perform the same functions and processes as their non-malicious counterparts.

+ References
[R.535.1] [REF-50] John F. Miller. "Supply Chain Attack Framework and Attack Patterns". The MITRE Corporation. 2013. <http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf>.
+ Content History
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
CAPEC Content TeamThe MITRE Corporation2015-11-09Updated Examples-Instances, Related_Attack_Patterns, Typical_Likelihood_of_ExploitInternal

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 04, 2017