New to CAPEC? Start Here
Home > CAPEC List > CAPEC-534: Malicious Hardware Update (Version 3.5)  

CAPEC-534: Malicious Hardware Update

Attack Pattern ID: 534
Abstraction: Standard
Status: Stable
Presentation Filter:
+ Description
An adversary introduces malicious hardware during an update or replacement procedure, allowing for additional compromise or site disruption at the victim location. After deployment, it is not uncommon for upgrades and replacements to occur involving hardware and various replaceable parts. These upgrades and replacements are intended to correct defects, provide additional features, and to replace broken or worn-out parts. However, by forcing or tricking the replacement of a good component with a defective or corrupted component, an adversary can leverage known defects to obtain a desired malicious impact.
+ Likelihood Of Attack


+ Typical Severity


+ Relationships
Section HelpThis table shows the other attack patterns and high level categories that are related to this attack pattern. These relationships are defined as ChildOf and ParentOf, and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as CanFollow, PeerOf, and CanAlsoBe are defined to show similar attack patterns that the user may want to explore.
ChildOfMeta Attack PatternMeta Attack Pattern - A meta level attack pattern in CAPEC is a decidedly abstract characterization of a specific methodology or technique used in an attack. A meta attack pattern is often void of a specific technology or implementation and is meant to provide an understanding of a high level approach. A meta level attack pattern is a generalization of related group of standard level attack patterns. Meta level attack patterns are particularly useful for architecture and design level threat modeling exercises.440Hardware Integrity Attack
ParentOfDetailed Attack PatternDetailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.531Hardware Component Substitution
Section HelpThis table shows the views that this attack pattern belongs to and top level categories within that view.
+ Skills Required
[Level: High]
Able to develop and manufacture malicious hardware components that perform the same functions and processes as their non-malicious counterparts.
+ Example Instances
An adversary develops a malicious networking card that allows for normal function plus the addition of malicious functionality that is of benefit to the adversary. The adversary sends the victim an email stating that the existing networking card is faulty, and that the victim can order a replacement card free of charge. The victim orders the card, and the adversary sends the malicious networking card. The malicious networking card replaces the perfectly-functioning original networking card, and the adversary is able to take advantage of the additional malicious functionality to further compromise the victim's network.
+ References
[REF-439] John F. Miller. "Supply Chain Attack Framework and Attack Patterns". The MITRE Corporation. 2013. <>.
+ Content History
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, Typical_Likelihood_of_Exploit
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, Examples-Instances
More information is available — Please select a different filter.
Page Last Updated or Reviewed: December 17, 2020