When hardware gets hacked, it’s not always the users’ fault! In this article, we’ll be sharing more about supply chain hacks (an exploit on suppliers’ negligence), past supply chain hacking incidents (e.g., Petya, NotPetya, and Nitol Botnet), as well as how Cobo defends against supply chain hacks.
What is a supply chain attack?
A supply chain attack is when an attacker attempts to exploit any vulnerability in the supply chain network. It is an infiltration process to gain access to users’ credentials or remote control of their computers. There are several methods of supply chain attack, and today we will explore two of them.
1. Exploiting loopholes in the software update system.
One common loophole lies in how software updates are distributed to end-user devices. Hackers can penetrate the update system and use it to download executable files onto target computers, allowing them to gain full control¹. One recent example of such an attack is the NotPetya ransomware outbreak in 2016. As the story goes, hackers managed to compromise the servers of a Ukrainian accounting software firm (at the time, serving software updates to almost 80% of all Ukrainian corporations) and used the update distribution system to spread a potent combination of extremely contagious NotPetya ransomware and EternalBlue, a Windows exploit allowing hackers to steal password credentials from infected devices. The mix affected hundreds of thousands of devices, including those belonging to pharmaceutical companies, electrical plants, and other critical infrastructure.
To make matters worse, the contagious ransomware spread globally through infected computers’ networks. The second wave of NotPetya infections was also helped along by a phishing campaign, executed through email spoofing (sending emails carrying NotPetya from a forged sender address).
The EternalBlue exploit was eventually patched by Microsoft, but not before major disruptions to the Ukrainian economy and a massive loss of economic productivity (upwards of $10 billion USD).² Maersk, one of NotPetya’s victims and the world’s largest container ship and supply vessel operator, lost up to $300m in revenue.³
Given the calamitous consequences for users in the event of a successful supply chain attack, companies everywhere must be extremely vigilant and prepared to defend the integrity of their products.
2. Injecting malware (viruses, spyware, etc.) into counterfeit hardware parts that alter the manufacturer’s source code.
There are instances in which the supply chain is compromised by bad actors. In 2002, a small fraction of Microsoft computers were pre-built with a virus known as Nitol Botnet. From the moment the user turned on the infected computer, the virus began to crawl and steal useful data stored in the computer.³
The virus was eventually removed from Microsoft through Operation b70, which eliminated all Windows products embedded with malware. Microsoft shut down the manufacturer’s operation and closed down the domain (3322.org) that was hosting this malware.
How does Cobo prevent supply chain attacks?
At Cobo, we only work with manufacturers that we have vetted and that have a strong reputation in the industry. Beyond securing the supply chain, we have also built supply chain immunity into our hardware products, which can verify that the device has not been tampered with at any point in its production.
The brand new Cobo Vault is further sealed with an anti-tampering sticker, preventing hackers from redistributing tampered products.
To verify the integrity of Cobo Vault, new users have to authenticate the device’s software on the official Cobo website. The web authentication test can only be passed by Cobo’s very own encrypted security chip. The encryption chip firmware is developed entirely in-house and therefore cannot be replicated anywhere else by anyone else. In other words, Cobo Vault can only be used when all of its components are verified as genuine. In addition, the system verification is performed every time Cobo Vault boots. Thus, users can rest easy in the knowledge that their device is entirely immune to a supply chain attack.
Next, to prevent hijacking of the Cobo software update system, Cobo Vault only reads authentic software updates from Cobo. All Cobo software updates are encrypted, with the encryption done in-house at Cobo. Therefore, it’s impossible to tamper with Cobo’s software updates.
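The following is an added example, not Cobo's code and not taken from the original article. The article describes updates as encrypted; this sketch instead shows signature verification, a common way for a device to authenticate an update: it checks an Ed25519 signature over a manifest against a pinned vendor key, compares the image to the signed digest, and refuses rollbacks. The names Manifest, VerifyUpdate and SignedSample, the manifest layout, and the all-zero test seed are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

type Manifest struct { // hypothetical update descriptor signed by the vendor
	Version uint32   // monotonically increasing release number
	Digest  [32]byte // SHA-256 of the firmware image
}

func (m Manifest) encode() []byte { // exact bytes that are signed and verified
	b := make([]byte, 4, 36)
	binary.BigEndian.PutUint32(b, m.Version)
	return append(b, m.Digest[:]...)
}

// VerifyUpdate accepts an image only if the manifest signature verifies under the
// pinned key, the image matches the signed digest, and the version is newer.
func VerifyUpdate(pub ed25519.PublicKey, m Manifest, sig, image []byte, installed uint32) error {
	if !ed25519.Verify(pub, m.encode(), sig) {
		return errors.New("manifest signature invalid")
	}
	if sum := sha256.Sum256(image); sum != m.Digest {
		return errors.New("image does not match signed digest")
	}
	if m.Version <= installed {
		return errors.New("rollback: version not newer than installed")
	}
	return nil
}

// SignedSample builds a constructed key pair, firmware image and signed manifest.
func SignedSample(version uint32) (ed25519.PublicKey, Manifest, []byte, []byte) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed test key, never use a fixed seed
	image := []byte("constructed firmware image")
	m := Manifest{Version: version, Digest: sha256.Sum256(image)}
	return priv.Public().(ed25519.PublicKey), m, ed25519.Sign(priv, m.encode()), image
}

func main() {
	pub, m, sig, image := SignedSample(7)
	fmt.Println("genuine update:", VerifyUpdate(pub, m, sig, image, 6))
	fmt.Println("tampered image:", VerifyUpdate(pub, m, sig, append(image, 0x00), 6))
}
```

In a real device the public key would be provisioned in read-only storage and the private key would stay in the vendor's signing infrastructure; a compromised update server alone then cannot produce an update the device accepts.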
As supply chain hacks continue to become more prevalent, users are faced not only with the challenge of finding companies they trust, but companies they trust to perform well in the security sphere. At Cobo, we believe that “security begins with prevention.” With an array of different security and anti-tampering features, Cobo Vault is the culmination of that belief.
August 20, 2019