Tag: supply chain

Far flung supply chains for hardware and software can pose security risks for tech firms and their customers. (Image courtesy of sourcemap.com)

Software’s Sausage Factory: The Supply Chain

In-brief: Experts warn that supply chain insecurity run broad and deep, threatening the security and integrity of technology dependent organizations.

A denial of service attack on the managed DNS firm DYN was due, in part, to attacks from Internet of Things devices running the Mirai malware.

Another Supply Chain Mystery: IP Cameras Ship With Malicious Software

In-brief: The discovery of a malicious link buried in software for a common IP camera sold on Amazon and other online retail outlets is just the latest example of supply chain based threats to connected products.  

Wearable cameras sold by the company Martel are reported to have shipped with a version of the Conficker malware. (Image courtesy of Martel Electronics.)

Firm Puzzled by Body Cams Infected with Malware

In-brief: a California company that makes wearable cameras that are used by law enforcement and the military said a report that it shipped cameras infected with the Conficker virus were “distressing,” but that it was unable to locate the malware on its devices or within its environment. 

Under The Hood: Wireless Software Links Teslas, Drones

Under The Hood: Wireless Software Links Teslas, Drones

In-brief: The same wireless software that powers a consumer quadcopter is also under the hood of Tesla’s Model S, according to a leading security expert – underscoring the increasingly long and complex software supply chain for connected products.

More Supply Chain Woes: DeathRing Is Factory-Loaded Smartphone Malware

More Supply Chain Woes: DeathRing Is Factory-Loaded Smartphone Malware

The folks over at Lookout Security have an interesting blog piece on “DeathRing,” a Chinese Trojan that comes pre-installed on a number of smartphones most popular in Asian and African countries. According to the bulletin, the Trojan masquerades as a ringtone app, but downloads an SMS and WAP (or “wireless access protocol” ) content from a command and control server to the victim’s phone once it is installed. That downloaded content can be used for various malicious, money-making schemes, according to Lookout. For example, DeathRing can use the SMS content to send phishing text messages to the phone to elicit sensitive information from the user. The WAP content to manipulate a mobile user’s web browsing session. For example: the attackers might prompt victims to download additional mobile applications or add-ons, potentially extending their reach over the victim’s device and data. [Read more Security Ledger coverage of supply chain risks.] Lookout […]