Tuesday, October 08, 2024

What’s the worst that could happen? Put your iPhone to your ear and listen closely.

https://www.aei.org/op-eds/exploding-pagers-and-spy-chips-the-rising-risk-of-hardware-tampering/

Exploding Pagers and Spy Chips: The Rising Risk of Hardware Tampering

The explosives that Mossad slipped into thousands of Hizbollah pager batteries and detonated last month in Lebanon should send a jolt of fear through the otherwise staid world of global supply chain management. Surely adversaries of the west will have their own tactics to compromise our electronics hardware. Most companies think only about cyber and software vulnerabilities. It is time they take hardware security more seriously.

The Russians are already so nervous that complex electronics can be manipulated by opponents that they have created a special institute to test the veracity of western chips smuggled in for use in missile and drone manufacturing. History shows that they are probably right to worry. Though many cold war-era spy games are still concealed by classification, Politico recently uncovered a 1980s FBI scheme designed to tamper with chipmaking tools that the Soviets were illegally importing.

However, western security agencies may no longer have the opportunity to repeat such practices — even if they are as skilled today as they were during the cold war. The epicentre of electronics manufacturing has shifted from the US to Asia — in particular to China and in the case of chipmaking to Taiwan. The more products a country assembles, the more opportunities for malfeasance.





There is nothing satisfying about an “I told you so.” Would it help in a lawsuit? (Knowing these backdoors exist makes attempts to find them inevitable.)

https://techcrunch.com/2024/10/07/the-30-year-old-internet-backdoor-law-that-came-back-to-bite/

The 30-year-old internet backdoor law that came back to bite

News broke this weekend that China-backed hackers have compromised the wiretap systems of several U.S. telecom and internet providers, likely in an effort to gather intelligence on Americans.

The wiretap systems, as mandated under a 30-year-old U.S. federal law, are some of the most sensitive in a telecom or internet provider’s network, typically granting a select few employees nearly unfettered access to information about their customers, including their internet traffic and browsing histories.

But for the technologists who have for years sounded the alarm about the security risks of legally required backdoors, news of the compromises are the “told you so” moment they hoped would never come but knew one day would.

I think it absolutely was inevitable,” Matt Blaze, a professor at Georgetown Law and expert on secure systems, told TechCrunch regarding the latest compromises of telecom and internet providers.



No comments: