Comment by photochemsyn
Comment by photochemsyn 2 days ago
There's also the hit to the reputation of the manufacturers of these devices to consider (even though they were almost certainly intercepted some time after manufacture and modified in transit, or replaced with a different batch that had been ordered by the perpetrator and modified ahead of time for a quick swap). The perpetrator may have been spying on the pager network for some time, and if so then their cover is blown and their information source is gone.
The larger issue is that if shipments of pagers can be intercepted and modified in this manner, then any electronic device can be subjected to other hardware-based attacks - eavesdropping devices, keystroke loggers, etc. What if large numbers of countries with developing tech markets start looking at the suppliers involved the way the USA looks at China's Huawei?
In general this boosts the open-soure model for both software and hardware, so the expected hardware configuration that can be checked visually and with other user-available tools. If any phone, pager, tablet or laptop can be physically hijacked and modified, the user should be allowed access to all the information and tools needed to detect it. This assumes the factory itself is not the bad actor.
Hardware security consultant firms probably have a bright future. Also robots for assistance with inspection.
> What if large numbers of countries with developing tech markets start looking at the suppliers involved the way the USA looks at China's Huawei?
It's well known that the NSA performs supply chain attacks by planting spyware on hardware which goes through the USA. https://www.theguardian.com/books/2014/may/12/glenn-greenwal...
Whenever the USA complain about something China is allegedly doing, it's a good bet that they know someone in the USA camp is doing that very thing.