Today’s enterprises are heavily focused on software, but cybersecurity threats targeting hardware are on the rise.
According to a recent report from HP Wolf Security, one in five businesses have experienced attacks on their hardware supply chains. The concern is so high that 91% of IT and security decision makers believe that nation-state threat actors will target physical devices like PCs, laptops, and printers.
If a device’s firmware or hardware is compromised, attackers gain complete control over everything on that machine, notes Alex Holland, principal threat researcher at HP Security Lab.
Feeling ‘Blind and Unequipped’
HP Wolf Security’s ongoing research reveals some alarming findings ahead of the Black Hat cybersecurity conference:
- 19% of organizations have been impacted by nation-state actors targeting physical hardware supply chains.
- 51% can’t verify if their devices have been tampered with in the factory or during transit.
- 35% believe they or someone they know have been affected by nation-state actors inserting malicious hardware or firmware into devices.
There’s a growing concern about the risk of device tampering, with 63% anticipating the next major nation-state attack to involve poisoning hardware supply chains.
“Organizations are feeling unprepared and lacking visibility to detect tampering,” says Holland.
Risks of Device Tampering
Attackers can disrupt hardware supply chains through denial of availability, infiltrating factory infrastructure, or intercepting devices in transit. This poses a significant challenge as firmware and hardware attacks are hard to detect and remediate.
“Firmware and hardware attacks are particularly tricky to manage due to their low-level nature, making them difficult to detect using standard security tools,” Holland explains.
Addressing Password Hygiene
Despite the general emphasis on password security, the management of firmware configurations often lacks strong password hygiene. Weak or shared passwords can lead to unauthorized access and tampering.
“Password-based mechanisms controlling firmware access are not well implemented,” Holland points out.
Ensuring Strong Supply Chain Security
Organizations can enhance hardware security with tools like platform certificates and solutions such as HP Sure Admin and HP Tamper Lock to prevent physical tampering and maintain device integrity.
“Organizational security relies on strong supply chain security. Knowing what’s in your devices and ensuring they haven’t been tampered with is crucial for building trust,” emphasizes Holland.