This is the kind of thing that should motivate every nerd to realize that they do have something to contribute to the revolution even if it seems small at first. Help with opsec and infosec! Orgs are busy thinking about other things! They will be safer if you help them decrease their attack surface.
This wasn’t need shit. This was a supply chain attack. Most people saw supply chain attacks as pure cyber - backdoors, remote listening, etc. This is the first supply chain attack I know of that added lethality. This is something every organization is going to look for on all electronics shipments now.
If you are supplying thousands of devices to an org the first thing you should do is verify the supply chain / your infosec around the ordering process and then disassemble some when they arrive. All it requires is a screwdriver and a spudger at most. Personally, I would have been looking out for recording devices or GPS devices, but you would also discover the bomb material if you did this.
This is the kind of thing that should motivate every nerd to realize that they do have something to contribute to the revolution even if it seems small at first. Help with opsec and infosec! Orgs are busy thinking about other things! They will be safer if you help them decrease their attack surface.
This wasn’t need shit. This was a supply chain attack. Most people saw supply chain attacks as pure cyber - backdoors, remote listening, etc. This is the first supply chain attack I know of that added lethality. This is something every organization is going to look for on all electronics shipments now.
If you are supplying thousands of devices to an org the first thing you should do is verify the supply chain / your infosec around the ordering process and then disassemble some when they arrive. All it requires is a screwdriver and a spudger at most. Personally, I would have been looking out for recording devices or GPS devices, but you would also discover the bomb material if you did this.