Updated 16Feb2019 to include links to Bunnie Huang's & Trammell Hudson's talks
| With the recent Bloomberg kerfuffle, people are thinking more about hardware security and supply-chain security. So we wanted to share an interesting datapoint. A while back, we found a vulnerability in device that ended up telling a very cautionary tale about supply-chain security at various levels. Some links to the coverage of that are below, but the short of it is this: |  Turtles all the way down... |
The single software component that contained the vulnerability of the camera, was used by the manufacturer not only in the firmware of the one camera model that we exploited, but also throughout the manufacturer's product line affecting more than just cameras. Furthermore, that same "design" (including the vulnerable component) was repeated by other manufacturers to make devices of all kinds (even desktop software)...all potentially vulnerable to the same bug.
We found a vulnerability in millions of devices....
 Vice: Motherboard |  KrebsOnSecurity |  Wired |
RSS Feed