Nowadays, it's difficult to find any hardware vendor who develops all the components present in its products. Many of these components, including firmware, are outsourced to ODMs. As a result, this limits the ability of hardware vendors to have complete control over their hardware products. In addition to creating extra supply chain security risks, this also produces security gaps in the threat modeling process. Through this research, ​we wanted to raise awareness about the risks in the firmware supply chain and the complexity of fixing known vulnerabilities.... By: Alex Matrosov, Alex Ermolov, Kai Michaelis & Richard Hughes Full Abstract: https://www.blackhat.com/asia-22/briefings/schedule/#the-firmware-supply-chain-security-is-broken-can-we-fix-it-26175