Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
Tampering is the unauthorized, malicious alteration of data, code, hardware, or configurations to break integrity; it is the 'T' in Microsoft's STRIDE threat model.
Tampering Definition: Tampering is the unauthorized, malicious alteration of data, code, hardware, or configurations to break integrity; it is the 'T' in Microsoft's STRIDE threat model.
Tampering is the deliberate, unauthorized alteration of data, software, hardware, configurations, or messages to compromise their integrity or cause harm. It is a direct attack on the integrity pillar of the CIA triad and is the 'T' in Microsoft's STRIDE threat-modeling framework, which pairs each tampering threat with integrity controls.
Tampering can occur at rest, in transit, or in execution. An attacker might modify records in a database, alter log files to hide activity, inject malicious code into software, change firmware, or physically interfere with a device. In transit, a man-in-the-middle attacker can change packets unless they are integrity-protected. Defenses center on detecting or preventing unauthorized change: cryptographic hashes and digital signatures verify that data and code are unaltered, message authentication codes protect transmissions, file integrity monitoring flags unexpected changes, and tamper-evident or tamper-responsive hardware reveals or reacts to physical intrusion.
For security, preventing and detecting tampering is essential because undetected modification undermines trust in everything that depends on the data: financial records, audit logs, software supply chains, medical readings, and access decisions. Tampered logs can erase evidence of a breach; tampered firmware can implant a persistent backdoor; a tampered software update can compromise thousands of downstream systems, as supply-chain attacks have shown. Standards such as ISO 27001, NIST SP 800-53 (SI integrity controls), and PCI DSS mandate integrity protections, code signing, and change management precisely to counter tampering.
For example, a payment terminal vendor builds multiple anti-tampering defenses into its hardware: tamper-responsive circuitry zeroizes the cryptographic keys instantly if the case is opened, tamper-evident seals show visible damage if removed, and the firmware is digitally signed so the device refuses to boot modified code. If a criminal tries to insert a skimming implant, the device detects the physical intrusion, wipes its keys, and becomes useless to the attacker, while the integrity checks ensure no altered software can run undetected. This layered approach embodies how organizations defend integrity against tampering.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →