Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Ellen Jennings-Trace

Attacks from nation-states targeting physical device supply chains posing a rising threat

Circuit board and shield icon, Hardware security, computer data protection and electronic technology concept,.

A growing number of businesses believe they have been impacted by hardware supply chain attacks from nation-state threat actors - with 29% of US firms believing they have been targeted.

Researchers from HP Wolf Security surveyed 800 IT and security decision makers (ITSDM) to investigate perceived threats aimed at device hardware and firmware within the physical supply chain.

Over a third of those studied believed they had been targeted by nation-state actors attempting to interest malicious hardware or firmware into devices - and half said they were concerned they cannot verify PC, laptop, or printer hardware hasn’t been tampered with in transit.

Supply chain security

The organizations studied were overwhelmingly concerned with physical targets like PCs, laptops, and printers within the supply chain, with 91% believing that nation-state actors will use malicious components to attack hardware. Uncertainty is rising, with 78% of ITSDMs saying their attention to software and hardware supply chain security will grow as attackers try to infect devices during transit.

Hardware and firmware attacks are particularly alarming as particularly difficult to detect, remove, and remediate. Security tools sit within the operating system, so devices that have been tampered with are hard to identify.

Once an attacker has compromised the hardware or firmware of a device, they have complete control over the appliance, and can see anything the machine is used for.

“‘In today’s threat landscape, managing security across a distributed hybrid workplace environment must start with the assurance that devices haven’t been tampered with at the lower level,” said Boris Balacheff, HP’s Chief Technologist for Security and Research Innovation.

Going forward, HP recommends organizations monitor compliance of device hardware and firmware configuration across all devices, as well as securely managing firmware configurations and adopting platform certificate technology to verify hardware integrity.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.