Interesting paper demonstrating a threat vector from replacement parts to consumer (easily commercial / industrial) electronic devices. This paper shows, ‘attacks by malicious peripherals are feasible, scalable, and invisible to most detection techniques.’ The authors of the paper demonstrate several use cases and prove the effectiveness of the technology.
Product cybersecurity extends well beyond the development and operate life cycle of a product, and clearly requires the maintenance phase too. The greatest challenge will be the attractiveness of non-branded 3rd party parts due to their $ savings and lack of IP protection. Other ideas and thoughts?