Dark Mode
Capec-672 Detail
Malicious Code Implanted During Chip Programming
Detailed Supply Chain Software Hardware Likelihood: Low Typical Severity: High
Parents: 444
During the programming step of chip manufacture, an adversary with access and necessary technical skills maliciously alters a chip’s intended program logic to produce an effect intended by the adversary when the fully manufactured chip is deployed and in operational use. Intended effects can include the ability of the adversary to remotely control a host system to carry out malicious acts.
Not present
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-672 | capec | https://capec.mitre.org/data/definitions/672.html | |
| T1195.003 | ATTACK | https://attack.mitre.org/wiki/Technique/T1195/003 | Supply Chain Compromise: Compromise Hardware Supply Chain |
| REF-662 | reference_from_CAPEC | Jeremy Muldavin, Assuring Microelectronics Innovation for National Security & Economic Competitiveness (MINSEC), 2017--11, Office of the Deputy Assistant Secretary of Defense for Systems Engineering |
Not present
- An adversary would need to have access to a foundry’s or chip maker’s development/production environment where programs for specific chips are developed, managed and uploaded into targeted chips prior to distribution or sale.
Not present
| Medium |
|---|
| An adversary needs to be skilled in microprogramming, manipulation of configuration management systems, and in the operation of tools used for the uploading of programs into chips during manufacture. Uploading can be for individual chips or performed on a large scale basis. |
| Integrity |
|---|
| Alter Execution Logic |
- Following a chip’s production process steps of test and verification and validation of chip circuitry, an adversary involved in the generation of microcode defining the chip’s function(s) inserts a malicious instruction that will become part of the chip’s program. When integrated into a system, the chip will produce an effect intended by the adversary.