Mastodawn

Simon Springall (he/him). #FBPE Nov 29, 2023

This should be getting a lot more attention. NXP chips are in a lot of products. It's likely the TA knows of specific flaws reported to NXP that can be leveraged to exploit devices the chips are embedded in, and that's assuming they didn't implement backdoors themselves. Over 2.5 years (at least), that's not unrealistic.
https://www.tomshardware.com/news/chinese-hackers-steal-chip-designs-from-major-dutch-semiconductor-company

Chinese hackers steal chip designs from major Dutch semiconductor company — perps lurked for over two years to steal NXP's chipmaking IP: Report

The full extent of the security breach is unknown.

Tom's Hardware

Show thread

Alun Jones Nov 26, 2023

@malwarejake Something about a modern version of the Capacitor Plague. https://en.wikipedia.org/wiki/Capacitor_plague

Capacitor plague - Wikipedia

Show thread

Unprecedented 2023 Nov 26, 2023

@malwarejake Thieves. Don’t have to invent anything. Just steal.

Show thread

Dan Goodin Nov 28, 2023

@malwarejake @catsalad

https://arstechnica.com/security/2023/11/hackers-spent-2-years-looting-secrets-of-chipmaker-nxp-before-being-detected/

Hackers spent 2+ years looting secrets of chipmaker NXP before being detected

Chipmaker claims breach had no "material adverse effect."

Ars Technica

Show thread

hrabbey Dec 20, 2023

"NXP chips are in a lot of products" including phones, access cards, and cars.
This is more evidence that security by obscurity provides limited value, and security implementations that can handle the searchlight of openness is worth something.