“The consumer electronics industry works differently than people actually think”, says Armijn Hemel, creator of DeviceCode. Behind the different brands and casings is often the same hardware, created by a single Original Design Manufacturer. But the disclosure of security vulnerabilities is mostly focused on single devices. So when a CVE is published for device A from vendor X, the fact that the same security flaw may also exist in a similar device from a different vendor stays hidden. DeviceCode collects structured technical information about consumer devices to reveal these hidden patterns of the industry in order to improve security.
Demystifying the electronics industry can also be a step toward increasing the local production of electronics. Reasons to opt for local manufacturing are the vulnerability of global supply chains, environmental impact, worker rights, software security and preventing backdoors. A better understanding of the industry could inspire a bottom-up approach to a more diversified electronics industry.
Links
DeviceCode repositories:
Code
Data
NGI Zero projects
DeviceCode
And also mentioned: VulnerableCode
If you are interested in Armijn’s knowledge about Open Source Software supply chain management (briefly mentioned at the end of the podcast), watch the NGI Zero webinar with Armijn: Open Source in (Consumer) Electronics Supply Chains (Episode 1 of a 4-part series, The Ins and Outs of Open Software Supply Chain).
Other projects and talks mentioned
The OpenWrt hardware device: OpenWrt One
Talks on the hardware supply chain by Andrew “bunnie” Huang
Supply Chain Security: “If I were a Nation State…” at BlueHat IL, 2019.
An Alternative to the American way of Innovation at TEDxPickeringStreet.
NGI Zero webinar about IRIS: (Infra-Red, In-Situ) inspection of silicon.