{"id":46626,"date":"2022-05-12T22:57:04","date_gmt":"2022-05-12T22:57:04","guid":{"rendered":"https:\/\/www.darkreading.com\/risk\/black-hat-asia-firmware-supply-chain-woes-plague-device-security"},"modified":"2022-05-12T22:57:04","modified_gmt":"2022-05-12T22:57:04","slug":"black-hat-asia-firmware-supply-chain-woes-plague-device-security","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/black-hat-asia-firmware-supply-chain-woes-plague-device-security\/","title":{"rendered":"Black Hat Asia: Firmware Supply Chain Woes Plague Device Security"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt05efa42aa1c60ada\/627d849f6f3dd96ef703a43b\/PatchTime-OlivierLeMoal-Alamy.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>BLACK HAT ASIA 2022 \u2014 When it comes to developing the firmware that powers computing devices, the ecosystem consists of complex supply chains that have multiple contributors. For any given device, firmware could be made up of a hodgepodge of components from different sources. And that means that when it&#8217;s time to address security vulnerabilities, it&#8217;s far from a straightforward process to get a patch out to the public.<\/p>\n<p>During a panel-discussion session at Black Hat Asia on Thursday, entitled &#8220;<a href=\"https:\/\/www.blackhat.com\/asia-22\/briefings\/schedule\/#the-firmware-supply-chain-security-is-broken-can-we-fix-it-26175\" target=\"_blank\" rel=\"noopener\">The Firmware Supply-Chain Security Is Broken: Can We Fix It?<\/a>&#8221;, Kai Michaelis, co-founder and CTO at Immune GmbH, outlined what he called the overgrown supply-chain &#8220;tree,&#8221; out of which grow onerous code reviews and lengthy patching processes when a bug is found.<\/p>\n<p>In fact, six to nine months for patches to roll out is the average, according to the panelists \u2014 with two years being not uncommon. 
And that means the supply chain represents a wide attack surface that&#8217;s ripe for compromise, they warned. Given that vulnerable firmware threatens the safety of the operating system and any applications, the potential for cyberattackers <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/millions-of-lenovo-laptops-contain-firmware-level-vulnerabilities\" target=\"_blank\" rel=\"noopener\">to find exploitable vulnerabilities<\/a> is a serious concern.<\/p>\n<p><strong>A Thorny Tree of Supply-Chain Complexity<\/strong><\/p>\n<p>The final firmware that vendors incorporate into their hardware is a multisourced affair, explained Michaelis. Stakeholders can include various component vendors, a few open source repositories, reference implementations, original design manufacturers, independent BIOS vendors, and finally, the original equipment manufacturers (OEMs) that create and sell the final product to channel partners and end users.<\/p>\n<p>Further complicating matters is the fact that subsystem vendors might be sitting in the middle of the code tree, themselves combining elements from multiple component manufacturers into a single offering.<\/p>\n<p>The unfortunate end result is that when a vulnerability is reported, OEMs often have multiple &#8220;branches&#8221; from which patches and updates flow \u2014 and they usually have no visibility into each other.<\/p>\n<p>&#8220;It&#8217;s a tree of suppliers and updates with little coordination between them, and the OEM has to ingest all of it,&#8221; Michaelis said. &#8220;For vendors, packaging updates is a fairly manual process, and then consumers need to actually install those updates. In all, the patching process as it stands can be measured in months to years.&#8221;<\/p>\n<p>One of the main issues that Michaelis flagged is the fact that when bugs are found, they may be benign in and of themselves. 
However, when combined with additional vulns in other parts of the firmware, the flaws become weaponizable and could allow attacks on value-added reseller (VAR) partners \u2014 and from there, end users.<\/p>\n<p>&#8220;Convincing a vendor to patch what it believes is a harmless flaw is not easy,&#8221; he said. &#8220;And even if there is a patch, it takes so long for it to get downstream that an attacker could easily find another vulnerability to combine with it in the meantime. So this is the problem: Bugs exist in isolation because vendors don&#8217;t talk to each other, and bugs have a long shelf life.&#8221;<\/p>\n<p>There are at least three other aspects that make matters even worse: One, end-of-life (EoL) devices often don&#8217;t get updates; two, each vendor follows its own patch cycle; and three, sometimes vendors offer silent updates without issuing an advisory, which can discourage OEMs from incorporating patches.<\/p>\n<p><strong>Repeating the Same Mistakes<\/strong><\/p>\n<p>Alex Matrosov, founder and CEO at Binarly, explained during the panel that, as in the <a href=\"https:\/\/www.darkreading.com\/risk\/nist-guidance-software-supply-chain-risk\" target=\"_blank\" rel=\"noopener\">software supply chain<\/a>, firmware bugs can also be spread and re-imported even after they&#8217;ve been patched, resulting in what he called &#8220;repeatable failures.&#8221;<\/p>\n<p>For instance, a bug recently disclosed in one of the components in the Intel M15 laptop kit (CVE-2022-27493) is a classic out-of-bounds write flaw stemming from system-management mode (SMM) memory corruption \u2014 but it is not what it seems.<\/p>\n<p>&#8220;It&#8217;s actually a 2019 bug found in the AMI codebase that we&#8217;ve now discovered in 2022 firmware,&#8221; Matrosov explained. &#8220;This vulnerability was fixed, but the fixed version was not included by the device vendor. 
It&#8217;s a very vulnerable component and has been known for years as a suitable attack vector, and it should be removed.&#8221;<\/p>\n<p>In another example, vulnerable code in an EDK open source library called SecurityPkg was removed in EDK II in 2018. However, somehow it found its way into 2022 firmware affecting several OEMs, via another library. &#8220;The risk was exponentially compiled,&#8221; Matrosov said.<\/p>\n<p><strong>Best Principles for Pruning Back the Patching Misery<\/strong><\/p>\n<p>So, what&#8217;s to be done? According to the panel, it will take a profound shift in strategy and thinking to reliably shore up firmware security. However, a good place to start is an aspirational list of first principles.<\/p>\n<p>The panelists advocated, for instance, that OEMs and members of the security community as a whole make a concerted effort to educate component vendors and other supply-chain elements about security and convince them that updates are a necessity, even for EoL devices \u2014 and that further, if they don&#8217;t issue a CVE, it becomes more difficult to communicate the urgency to patch and the bugs become difficult to track.<\/p>\n<p>OEMs also should put in place efforts to increase risk transparency, according to the panel. This can be done by facilitating greater communication between vendors and creating a centralized repository of information about patches and bugs.<\/p>\n<p>&#8220;Fixing the supply chain is a team sport,&#8221; Matrosov said, noting that working with computer emergency response teams (CERTs) is a good goal.<\/p>\n<p>&#8220;We really need an independent body to help coordinate patches when they affect multiple vendors, and to facilitate simultaneous patching. If one vendor patches and another doesn&#8217;t, it creates a dangerous zero-day situation for a subset of the devices,&#8221; he added.<\/p>\n<p>Private security community collaboration will also be key, the panelists said. 
For instance, the Linux Foundation has launched a website called LVFS, which is a vendor firmware service that allows OEMs to upload firmware updates to be distributed to Linux users at zero cost. So far, about 150 vendors are participating, including Dell, HP, Intel, and Lenovo.<\/p>\n<p>&#8220;There are about 1,000 different devices supported, and we&#8217;ve shipped more than 51 million updates since we started the project,&#8221; said panelist Richard Hughes, principal engineer at Red Hat. &#8220;Also, we can take the firmware and decompress it into shards. A shard might be an EFI, binary, Intel microcodes, AMD PSP image, etc. So, all of those vendors uploading all those updates gives us a huge amount of data.&#8221;<\/p>\n<p>From there, the system can show users, say, the newest available Intel microcode for all of the different models in the system \u2014 and can push updates automatically.<\/p>\n<p>There&#8217;s plenty to be done, but Hughes struck an optimistic note.<\/p>\n<p>&#8220;My personal conclusion is that by working together with CERTs and security companies, we can improve the immune system even further, speeding up the process of shipping fixes to end users and making sure that security issues are patched by all vendors,&#8221; Hughes said. &#8220;These are really hard problems that have plagued the entire industry for 20 years. Only now do we have all the infrastructure and the data to make things better.&#8221;<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/risk\/black-hat-asia-firmware-supply-chain-woes-plague-device-security\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The supply chain for firmware development is vast, convoluted, and growing out of control: patching security vulnerabilities can take up to two years. 
For cybercriminals, it&#8217;s a veritable playground.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-46626","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"]}