Kill switches, backdoors could poison supply chain, warns CTO

Kill switches and backdoors inserted into Internet-enabled devices at the point of manufacture could act as a conduit for organized criminals or foreign states to access those devices after they’re deployed by their buyers, the Chief Technology Officer of a vendor of risk management services for cyber threats warned in a statement issued July 18.

“Specific vulnerabilities that are usually very hard to detect have been discovered in components used in some U.S. systems, providing the first solid evidence that weak firmware exists in the U.S.-China supply chain,” observed CTO Richard Walters, of London-based Invictis.

“The theoretical threat, now a reality, is that flaws embedded in a device at the point of manufacture could be used to disable or extract data from it or to use the device as a launch point for an attack across the network to which it is attached,” he continued. “Consequently, it is now a real possibility that malware could be written to exploit the weaknesses hard-coded into components to carry out sophisticated targeted commercially or politically motivated attacks.”