Risky Business #436 -- Do you know your supply chain is horrible?

Presented by

On this week’s show we’re chatting with Fitbit security director Sasha Biskup and his colleague Marc Bown about how to build secure embedded devices from insecure components. During the development phase of some Fitbit products, the Fitbit security team has discovered some hideous vulnerabilities that could have compromised security downstream. They’ve been able to mitigate these issues, but they worry other embedded device manufacturers aren’t even looking at the security implications of their suppliers’ mistakes.

This week’s show is brought to you by CyberArk! CyberArk’s Jeffrey Kok is this week’s sponsor guest. He joins the show to talk about what CyberArk knows best – privileged account management. It’s such a basic thing, but it’s hard to do right.

This week’s news segment was recorded at Kiwicon in Wellington, NZ, and features Assurance.com.au’s Neal Wise, plus Rob Fuller and David Jorm.

Show notes

In world of internet-enabled things, US says security needed

Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say- The New York Times

Ars Technica

Russian hackers throw Trump victory party with new spear phishing campaign | Ars Technica