Security vulnerabilities in technology extend well beyond problems with software. Earlier this month, researchers revealed that the hardware at the heart of nearly every computer, smartphone, tablet and other electronic device is flawed in at least two significant ways code-named Spectre and Meltdown.
Regardless of their cause, the mere existence of these significant vulnerabilities is a symptom of a much wider problem. Too few technology companies are taking proper precautions to protect every step in their supply chains, from raw materials through manufacturing and distribution into customers’ hands. Products could be altered either in the factory or en route to a user, turning, for example, an executive’s smartphone into a handy surveillance device.
I am part of a multidisciplinary team of researchers based at Indiana University studying this thorny problem. Our work has helped highlight the simple fact that better supply chain security could both prevent and make it easier to recover from accidents – as the chip flaws appear to be – and deliberate meddling.