A team at the University of North Carolina has developed a tool called Coppelia that can automatically find and build exploits for flaws in hardware designs.
The USB Type-C Authentication Program will attempt to address the very real dangers of USB-based attacks, such as USB devices loaded with malicious payloads to compromise the host system and counterfeit cables that can deliver too much (or too little!) power and damage the system.
Apple’s T2 chip on the new Macs performs a wide array of tasks to secure the machine from various hardware- and software-based attacks. The fact that the T2 chip can do so much is also potentially its weakness, as it widens the machine’s attack surface.
The likelihood of a successful attack against an enterprise network using a pair of vulnerabilities in some wireless access points with Bluetooth Low Energy chips is currently low, but the fact that such an attack can bypass network segmentation is worrying.
Whether or not Chinese spies actually planted rogue chips into Super Micro servers, this kind of supply chain attack is feasible. This is just the tip of the iceberg.