CSC 04/23 - Hacking the Motherboard - Exploiting implicit trust in all of the forgotten places

Our economy is becoming more specialized and more and more tasks are being automated. We must have confidence in these systems and the technical infrastructure that supports them. However, this confidence relies on too much implicit trust – overlooking serious risks. Assurance in this area is hard won, manual, and costly.

Last year, Bloomberg’s Big Hack article gave everyone a – questionably accurate but – much needed scare which forced companies to evaluate their exposure to supply chain intervention attacks. We need to understand the attack vectors and the inherent hardware vulnerabilities used by these backdoors, as well as the steps we can take to protect ourselves.

Several recent hacks highlight this problem including the ASUS software update hijacking, the SuperMicro supply chain, and the political-economic arguments for Huawei 5G. Including a technical overview of various types of hardware implants, the access they enable, and what we should be doing to detect and mitigate.