By Dr. Eyal Weiss, Founder & CTO, Cybord
The risks of and lack of solutions for cyber-based threats to supply chains are cause for growing concern within the #cybersecurity industry. The cost-driven market requires the use of commercially available off-the-shelf (COTS) components or just-in-time (JIT) manufacturing processes for electronic assemblies, of which most are produced in unsecured foreign facilities. In addition, pre-assembled components can be tampered with or altered, and their authenticity or integrity cannot be assured. These attacks can be launched by two methods:
Hardware cyber-attacks can be performed by inserting malware-firmware into a programmable component. The altered firmware allows the attacker access to the system. To facilitate this attack, the attacker needs to unmount the component from its package and interface it with a programming probe.
A more sophisticated approach was presented in the disputed “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies,” published by Bloomberg in October 2018, about an alleged cyber-attack. The attackers engineered a component to pose as an innocent passive component. In this case, the component was designed to have the look-and-feel of an authentic component with embedded malicious hardware capabilities inserted during production.
Most believe that there is no effective way to stop the hardware-cyber infiltration through the supply chain. This is no longer true. Cybord’s system allows affordable scanning of all components before they are installed, even the cheap passive ones, and detect re-programmed and hardware engineered components. How can you be sure your hardware wasn’t hacked if you haven’t checked?!