Imported Software Preloaded with Malware Claims Homeland Security

The US Department of Homeland Security has claimed that some of the imported software and hardware components in the US are affected with malware.

The Cyber Policy Review released by the White House claimed that there was small number of such incidents on record but the threat was pretty much real.

“The challenge with supply chain attacks is that a sophisticated adversary might narrowly focus on particular systems and make manipulation virtually impossible to discover,” the report [PDF] read.

“Foreign manufacturing does present easier opportunities for nation-state adversaries to subvert products; however, the same goals could be achieved through the recruitment of key insiders or other espionage activities,” it added.

The deputy undersecretary of the Department of Homeland Security (DHS) National Protection and Programs Directorate GregSchaffer told the House Oversight and Government Reform Committee that he was aware of such attacks that had happened recently.

The US government believes that manufacturers deliberately made their products vulnerable so that the flaw can be used to launch cyber-attacks on the US government, companies and consumers.

The DHS official did not point any fingers but his revelation was clear. Chinese manufacturers made the components that are used to make consumer and enterprise products.