In this episode of the podcast (#167): two stories this week – one from Pittsburgh and one from New York – have highlighted anxiety about Chinese made cameras and other security gear deployed in U.S. government agencies and in cities and towns. We’re joined by Terry Dunlap the co-founder of ReFirm Labs to talk about why software supply chain risks are real -and growing.
From China with Love: New York Firm sold millions in PRC Surveillance Gear to US Government, Military
A complaint unsealed by the Department of Justice on Thursday alleges a New York firm engineered a years-long scheme to deceive the U.S. government: selling Chinese manufactured cameras and other gear to the U.S. Military, the Department of Energy and other government agencies that it claimed were “Made in the U.S.A”.
In-brief: A year after Mirai, as many as 100,000 devices, globally, may be running some version of the Mirai malware, while countless others are vulnerable to being enlisted in a Mirai-like attack. Worse: these systems may not be patched for “years,” according to the SANS Internet Storm Center.
In-brief: After seeding the globe with hackable DVRs and webcams, Zhejiang Dahua Technology Co., Ltd. of Hangzhou, China will be working with the U.S. firm Synopsys to “enhance the security of its Internet of Things (IoT) devices and solutions.”
In-brief: a botnet of 120,000 cameras that takes its orders from servers based in Iran uses a long-ago disclosed security vulnerability in camera software to spread. The flaw affects over 1,000 different models of cameras, Trend Micro reports.