We welcome your feedback about MITRE Engage v0.9 Beta: Email us at engage@mitre.org

Hardware Manipulation

Alter the hardware configuration of a system to limit what an adversary can do with the device.

Hardware Manipulation can include physical or configuration changes to the hardware in the environment. This manipulation can include physically removing a system's microphone, camera, on-board Wi-Fi adapter, etc. or using software controls to disable those devices. These types of manipulations can affect the adversary's ability to achieve their operational objectives by incurring an increased resource cost, forcing them to change tactics, or stopping them altogether.

Hardware Manipulation is often required to maintain operational safety. For example, if the operation includes Detonating Malware using a laptop physically located in a shared space, it is likely that the defender will not have the ability to hide the legitimate conversations and individuals present in the space. Unless the defender has the ability to control the background sounds and visuals, it is likely too risky to leave the camera and microphone connected to the machine.

Details
ID: EAC0017
Type:  Engagement 
Goals:  Affect
Approaches:  Prevention
Whenever an adversary interacts with the environment, their actions reveal vulnerabilities. Defenders can utilize engagement activities to take advantage of such weaknesses.

The following table lists the adversary tactics on the left and the revealed vulnerability on the right that can be exploited by the defender using Hardware Manipulation.

ATT&CK® Tactics Adversary Vulnerability Presented
Collection When adversaries rely on particular resources to be enabled, accessible and/or vulnerable, they are vulnerable to their operations being disrupted if the resources is disabled, removed, or otherwise made invulnerable.