科技回声

11 条评论

pclmulqdq超过 1 年前

If they had the decency to release some good documentation for NXP's devices, I'm sure nobody would mind the hack.I guess we figured out how one nation-state got transparency from NXP.

评论 #38449319 未加载

评论 #38447763 未加载

评论 #38450904 未加载

LeopoldBloom超过 1 年前

Two major pillars of NXP's sales strategy are their security architecture and integration with other NXP devices (primarily connectivity ICs since the Marvell Wi-fi acquisition).They are typically more expensive than competitors (Infineon, TI, ST, etc). This is due to their strategy to only compete in markets where they believe they can command a healthy profit margin.Going to be a difficult strategy to maintain in a few years when there are identical products from China for 1/2 the cost...

评论 #38452749 未加载

miohtama超过 1 年前

Ransomware attack could have been better option for NXP. It would likely be over quickly and force them to take security seriously. Now, they were bleeding industrial and trade secrets for more than a year.

评论 #38454492 未加载

评论 #38463943 未加载

fsflover超过 1 年前

Recent discussion: <a href="https://news.ycombinator.com/item?id=38406429">https://news.ycombinator.com/item?id=38406429</a>

autoexec超过 1 年前

> It's likely the TA knows of specific flaws reported to NXP that can be leveraged to exploit devices the chips are embedded in, and that's assuming they didn't implement backdoors themselves. Over 2.5 years (at least), that's not unrealistic.”I assume these chips had backdoors long before Chinese hackers started collecting files and saving them to dropbox. Pretty convenient to be able to blame Chinese hackers for any backdoors that come to light now.

评论 #38448795 未加载

mips_r4300i超过 1 年前

Domestic Chinese MCU company popping up with suspiciously similar part functionality to NXP's in 3, 2, 1...

nickdothutton超过 1 年前

Your NXP HSM or SHE may not be as secure as you had hoped. Sigh.

toasted-subs超过 1 年前

Seems like what I've had to deal with in real life with mean people bullying me and never letting me have an actual secret.

ganzuul超过 1 年前

What does "several sources" actually mean? Who should that exclude?

baybal2超过 1 年前

With "cloud" services being mentioned, they say hackers used cloud storage to evade detection, but what if the initial intrusion vector itself was planted by an AWS employee?Saudis used their nationals inside Twitter quite brazenly. Imagine how many other rouge nation nationals are there being used by their governments.

评论 #38448173 未加载

评论 #38449029 未加载

2OEH8eoCRo0超过 1 年前

> A prolific espionage hacking group with ties to ChinaLovely

11 条评论

pclmulqdq超过 1 年前

If they had the decency to release some good documentation for NXP's devices, I'm sure nobody would mind the hack.I guess we figured out how one nation-state got transparency from NXP.

评论 #38449319 未加载

评论 #38447763 未加载

评论 #38450904 未加载

LeopoldBloom超过 1 年前

评论 #38452749 未加载

miohtama超过 1 年前

评论 #38454492 未加载

评论 #38463943 未加载

fsflover超过 1 年前

Recent discussion: <a href="https://news.ycombinator.com/item?id=38406429">https://news.ycombinator.com/item?id=38406429</a>

autoexec超过 1 年前

评论 #38448795 未加载

mips_r4300i超过 1 年前

Domestic Chinese MCU company popping up with suspiciously similar part functionality to NXP's in 3, 2, 1...

nickdothutton超过 1 年前

Your NXP HSM or SHE may not be as secure as you had hoped. Sigh.

toasted-subs超过 1 年前

Seems like what I've had to deal with in real life with mean people bullying me and never letting me have an actual secret.

ganzuul超过 1 年前

What does "several sources" actually mean? Who should that exclude?

baybal2超过 1 年前

评论 #38448173 未加载

评论 #38449029 未加载

2OEH8eoCRo0超过 1 年前

> A prolific espionage hacking group with ties to ChinaLovely

Hackers spent 2 years looting secrets of chipmaker NXP before being detected

11 条评论

Hackers spent 2 years looting secrets of chipmaker NXP before being detected

11 条评论