AI-Driven Cyber-Physical and Supply-Chain Threat Detection in Mobile and Embedded Ecosystems: A Comprehensive Review

Abstract

Mobile and embedded devices—smartphones, wearables, industrial IoT, and vehicles—now underpin critical services but also expand the cyber‑physical and supply‑chain attack surface. Heterogeneous hardware, baseband stacks, firmware/OS components, and multi‑vendor build and distribution pipelines create vulnerabilities across manufacturing, provisioning, deployment, operation, and update. This review consolidates threats and defenses through two coupled lenses: (i) AI/ML-driven monitoring for intrusion, tamper, and anomaly detection, and (ii) device trust foundations (secure/measured boot, trusted execution environments, and remote attestation). Using a systematic, criteria-driven screening and appraisal protocol, we synthesize evidence from peer‑reviewed research, standards/specifications, and authoritative platform documentation spanning SUIT-based OTA updates, RATS/EAT and PSA attestation tokens, AVB/dm‑verity integrity, and SBOM/SLSA/Sigstore provenance. We contribute (1) a lifecycle taxonomy linking phases, layers, attack classes, and controls; (2) a cross‑layer synthesis that connects attestation/TEE mechanisms to telemetry pipelines and remediation workflows; (3) a critical appraisal of datasets and evaluation practices for embedded/IoT intrusion detection; and (4) a gap analysis highlighting fleet‑scale attestation, real‑time cyber‑physical tamper sensing, provenance-to-runtime binding, and baseband security. The result is actionable guidance for building verifiable update pipelines and trustworthy, operationally feasible detection at fleet scale.
