Supply Chain Compromise: Compromise Hardware Supply Chain

Adversaries may manipulate hardware components in products prior to receipt by a final consumer for the purpose of data or system compromise. By modifying hardware or firmware in the supply chain, adversaries can insert a backdoor into consumer networks that may be difficult to detect and give the adversary a high degree of control over the system. Hardware backdoors may be inserted into various devices, such as servers, workstations, network infrastructure, or peripherals.

ID: T1195.003
Sub-technique of:  T1195
Tactic: Initial Access
Platforms: Linux, Windows, macOS
Data Sources: BIOS, Component firmware, Disk forensics, EFI
Version: 1.0
Created: 11 March 2020
Last Modified: 23 March 2020

Mitigations

Mitigation Description
Boot Integrity

Use Trusted Platform Module technology and a secure or trusted boot process to prevent system integrity from being compromised. Check the integrity of the existing BIOS or EFI to determine if it is vulnerable to modification. [1] [2]

Detection

Perform physical inspection of hardware to look for potential tampering. Perform integrity checking on pre-OS boot mechanisms that can be manipulated for malicious purposes.

References