In 2018, Bloomberg published a story about malicious microchips that were implanted into motherboards to give spies access to the computers. There are questions about the validity of the story, but I’m not going to address those directly. I’m actually concerned what it means about the hardware as a threat.
We tend to trust the hardware we buy. I’m writing this on an Apple MacBook Pro and I never considered that the motherboard could have an additional chip that would (possibly) bypass security. If it did, that doesn’t mean Apple did it directly, it could have happened at any point in the supply chain.
I can be careful who I buy my computers from but I have no control over who they buy their parts from. I may not even know who they are or if they actually are infecting my motherboard with malicious chips. And as far as I know, there’s no way for me to easily test my hardware to see if it has been tampered with.
The hardware you use every day may be the source of the threat in your organization. If you’re interested in researching this, or writing a short Field Note about what your organization has seen related to this problem, I invite you to submit to our special issue on the Digital Threats of Hardware.ˇ