When you buy a new smartphone, you expect it to be bug and malware free, leaving the job of filling the device with useless or malicious software to you. The Department of Homeland Security, however, has admitted on the record that manufacturers might be taking care of that task for you, before the phone reaches your stores.
Instead of final product manufacturers, some of which are U.S.-based companies, intentionally sabotaging their own products, it appears that software and hardware components are being purposely spiked with security-breached data overseas before they’re implanted in our valuable devices.
Acting Deputy Undersecretary of the DHS National Protection and Programs Directorate Greg Schaffer said that both Homeland Security and the White House have known for quite some time that there are security breaches in the product supply chain which enables unknown foreign parties to sneak spyware, malware, and security-compromising components into digital products in the U.S.
This means that both the federal government and businesses should be worried about their supply chain security and the fact that technology sold in the U.S. was either compromised or actively created to allow for cyber attacks by foreign parties.
How can the government and the businesses selling these infected devices fight back? At the moment it seems like big brand-name companies aren’t as vulnerable to these supply chain breaches as counterfeit and gray-market electronics are, but the the government and security experts are currently studying the risks of these infected devices and how they can be averted and remedied.
With the limited amount of information that we have on this topic, the only thing we can recommend to avoid these infected devices is to buy electronics from trusted companies and to stay away from known counterfeit and gray-market electronics (such as those you know are fake or knock-off products but work just as well as the original).