IT pros say hackers could compromise device supply chain, firmware security
An opportunity is emerging for hackers to compromise firmware within the supply chain, according to HP Wolf Security, which said that its clients are fearing compromise at levels as low as device firmware.
The survey, based on a poll of 803 IT professionals, asked what the key challenges and threats for security were in terms of priority. By and large, the polls found that attacks in the supply chain and at the low level were front and center.
“Buying PCs, laptops or printers is a security decision with long-term impact on an organization’s endpoint infrastructure,” said Boris Balacheff, chief technologist for security research and innovation at HP Inc.
“The prioritization, or lack thereof, of hardware and firmware security requirements during procurement can have ramifications across the entire lifetime of a fleet of devices — from increased risk exposure, to driving up costs or negative user experience — if security and manageability requirements are set too low compared to the available state of the art.”
In practice, this would allow attackers to get upstream and compromise an equipment or service provider to then gain easy access to clients who never bothered to check their hardware upon installation.
