This wasn't need shit. This was a supply chain attack. Most people saw supply chain attacks as pure cyber - backdoors, remote listening, etc. This is the first supply chain attack I know of that added lethality. This is something every organization is going to look for on all electronics shipments now.
If you are supplying thousands of devices to an org the first thing you should do is verify the supply chain / your infosec around the ordering process and then disassemble some when they arrive. All it requires is a screwdriver and a spudger at most. Personally, I would have been looking out for recording devices or GPS devices, but you would also discover the bomb material if you did this.
This wasn't need shit. This was a supply chain attack. Most people saw supply chain attacks as pure cyber - backdoors, remote listening, etc. This is the first supply chain attack I know of that added lethality. This is something every organization is going to look for on all electronics shipments now.
If you are supplying thousands of devices to an org the first thing you should do is verify the supply chain / your infosec around the ordering process and then disassemble some when they arrive. All it requires is a screwdriver and a spudger at most. Personally, I would have been looking out for recording devices or GPS devices, but you would also discover the bomb material if you did this.