Consumer electronics supply chain poisoning: anatomizing the unified hardware and software threat model and countermeasures

With attackers increasingly targeting consumer electronic devices, the urgency of strengthening supply chain security has never been more pressing. To address this critical issue, we present a Unified Hardware and Software Threat Model (UHSTM) for consumer devices’ supply chains that classifies threats and describes attack surfaces in a unified way, ensuring that security recommendations are implemented across the entire consumer device lifecycle, from design and production to distribution and operation, considering hardware and software attack surfaces. UHSTM holistically and proactively addresses the interconnected and complex security risks that arise from integrating diverse hardware components and software systems. We discuss the UHSTM implementation and present robust countermeasures that enable field practitioners to circumvent risks proactively by enhancing electronic devices’ hardware and software security posture.