iSuppli You, You Supply Me, and the Twain Shall Meet

There have been quite a number of news articles of late in which the innards of the likes of the iPhone, HTC Droid Incredible phone and the Amazon Kindle were examined, mostly in relation to the cost of components adding up to more than the price of the device. In many of these reports, the source of the information about what’s inside these devices is iSuppli, which pulls equipment apart to see where the different pieces come from and what they cost.

For me, it is particularly interesting to see the origins of the critical components of these devices, since I have been pitching the idea that we do not realize the dependencies that are common within supply chains for software and computer-based equipment. Such common points of failure, in many instances, can represent a security risk, perhaps even a threat to national security. We have seen how attacks on commonly used software spread rapidly throughout interconnected devices, and there are also instances of equipment harboring common components that all fail when exposed to the same stimulus.

In any event, if you look through the various components laid out on page B5 of The Wall Street Journal of July 30, 2010, in a section with the title “Breaking Apart,” you will see that at least two components of the HTC Droid Incredible and the Apple iPhone 4, namely, DRAM memory and Connectivity, are supplied by the same vendors (Samsung and Broadcom respectively). While it might well be possible to multisource some of the components, there is clearly an intensification of risk when seemingly unrelated devices from very different vendors rely on common components from the same source. It becomes a matter of even greater importance if one factors in concerns about the bad guys tampering with hardware and firmware (software that may be “burned” into computer chips). This concern has now gone mainstream with an article in the August 2010 issue of Scientific American by John Villasenor with the provocative title “The Hacker in Your Hardware.” The combination of common components and an increased threat of compromise of the equipment makes for a high risk of successful attacks with broad impact.
