New to CAPEC? Start Here
Home > CAPEC List > CAPEC-672: Malicious Code Implanted During Chip Programming (Version 3.9)  

CAPEC-672: Malicious Code Implanted During Chip Programming

Attack Pattern ID: 672
Abstraction: Detailed
View customized information:
+ Description

During the programming step of chip manufacture, an adversary with access and necessary technical skills maliciously alters a chip’s intended program logic to produce an effect intended by the adversary when the fully manufactured chip is deployed and in operational use. Intended effects can include the ability of the adversary to remotely control a host system to carry out malicious acts.

+ Likelihood Of Attack

Low

+ Typical Severity

High

+ Relationships
Section HelpThis table shows the other attack patterns and high level categories that are related to this attack pattern. These relationships are defined as ChildOf and ParentOf, and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as CanFollow, PeerOf, and CanAlsoBe are defined to show similar attack patterns that the user may want to explore.
NatureTypeIDName
ChildOfStandard Attack PatternStandard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.444Development Alteration
Section HelpThis table shows the views that this attack pattern belongs to and top level categories within that view.
+ Prerequisites
An adversary would need to have access to a foundry’s or chip maker’s development/production environment where programs for specific chips are developed, managed and uploaded into targeted chips prior to distribution or sale.
+ Skills Required
[Level: Medium]
An adversary needs to be skilled in microprogramming, manipulation of configuration management systems, and in the operation of tools used for the uploading of programs into chips during manufacture. Uploading can be for individual chips or performed on a large scale basis.
+ Consequences
Section HelpThis table specifies different individual consequences associated with the attack pattern. The Scope identifies the security property that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in their attack. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a pattern will be used to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.
ScopeImpactLikelihood
Integrity
Alter Execution Logic
+ Mitigations
Utilize DMEA’s (Defense Microelectronics Activity) Trusted Foundry Program members for acquisition of microelectronic components.
Ensure that each supplier performing hardware development implements comprehensive, security-focused configuration management of microcode and microcode generating tools and software.
Require that provenance of COTS microelectronic components be known whenever procured.
Conduct detailed vendor assessment before acquiring COTS hardware.
+ Example Instances

Following a chip’s production process steps of test and verification and validation of chip circuitry, an adversary involved in the generation of microcode defining the chip’s function(s) inserts a malicious instruction that will become part of the chip’s program. When integrated into a system, the chip will produce an effect intended by the adversary.

+ Taxonomy Mappings
Section HelpCAPEC mappings to ATT&CK techniques leverage an inheritance model to streamline and minimize direct CAPEC/ATT&CK mappings. Inheritance of a mapping is indicated by text stating that the parent CAPEC has relevant ATT&CK mappings. Note that the ATT&CK Enterprise Framework does not use an inheritance model as part of the mapping to CAPEC.
Relevant to the ATT&CK taxonomy mapping
Entry IDEntry Name
1195.003Supply Chain Compromise: Compromise Hardware Supply Chain
+ References
[REF-662] Jeremy Muldavin. "Assuring Microelectronics Innovation for National Security & Economic Competitiveness (MINSEC)". Office of the Deputy Assistant Secretary of Defense for Systems Engineering. 2017-11.
+ Content History
Submissions
Submission DateSubmitterOrganization
2021-06-24
(Version 3.5)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2022-09-29
(Version 3.8)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns, Taxonomy_Mappings
More information is available — Please select a different filter.
Page Last Updated or Reviewed: June 24, 2021