Bunny Huang is long time hardware engineer and solid public profile in hardware reversing. In this presentation he consider how to attack supply chain security in the light of the recent Bloomberg article (which he concludes is ultimately feasible but false)
You really must watch this and realise that branded and whitebox hardwrae are equally vulnerable in the supply chain.
Key areas that took my interest:
- How factories might substitute chips with second hand or low spec components that have been rebadged
- Techniques for hardware implants on devices
- How chip silicon can modified in design and production
- how to tamper with no tamper stickers
- How can we target an individual company ?
- Its difficult to tell the differnce between cutting costs, making a profit and supply chain security issues
In this talk, we will calibrate expectations about how difficult (or easy) it may be for actors ranging from rogue individuals to Nation-States to infiltrate various points of our global supply chain.
BlueHat IL 2019 – Andrew “bunnie” Huang – Supply Chain Security: “If I were a Nation State…” – YouTube : https://www.youtube.com/watch?v=RqQhWitJ1As