Uncovering the hidden patterns of the consumer electronics industry - DeviceCode
S02:E01

Uncovering the hidden patterns of the consumer electronics industry - DeviceCode

Episode description

“The consumer electronics industry works differently than people actually think”, says Armijn Hemel creator of DeviceCode. Behind the different brands and casings is often the same hardware, created by a single Original Design Manufacturer. But the disclosure of security vulnerabilities is mostly focused on single devices. So when a CVE is published for device A from vendor X it conceals that the security flaw may also exist in a similar device of a different vendor. DeviceCode collects structured technical information about consumer devices to reveal these hidden patterns of the industry in order to improve security.

Demystifying the electronics industry can also be a step toward increasing the local production of electronics. Reasons to opt for local manufacturing are the vulnerability of global supply chains, environmental impact, worker rights, software security and preventing backdoors. A better understanding of the industry could inspire a bottom up approach to a more diversified electronics industry.

Links
DeviceCode repositories:
Code
Data

NGI Zero projects
DeviceCode
And also mentioned: VulnerableCode

If you are interested in Armijn’s knowledge about Open Source Software supply chain management (briefly mentioned at the end of the podcast) watch the NGI Zero webinar with Armijn: Open Source in (Consumer) Electronics Supply Chains (Episode 1 of a 4-part series The Ins and Outs of Open Software Supply Chain)

Other projects and talks mentioned
The Open Wrt hardware device: OpenWrt One

Talks on the hardware supply chain by Andrew “bunnie” Huang
Supply Chain Security: “If I were a Nation State…” at BlueHat IL, 2019.
An Alternative to the American way of Innovation at TEDxPickeringStreet.
NGI Zero webinar about IRIS: (Infra-Red, In-Situ) inspection of silicon.