supply chain

22 Articles

This Week In Security: Second Verse, Worse Than The First

March 27, 2026 by 16 Comments

Isn’t there some claim events come in threes? After the extremely rare leak of the iOS Coruna exploit chain recently, now we have details from Google on a second significant exploit in the wild, dubbed Darksword.

Like Coruna, Darksword appears to have followed the path of government security contractors, to different government actors, to crypto stealer. It appears to focus on exploits already fixed in modern iOS releases, with most affecting iOS 18 and all patched by iOS 26.3.

Going from almost no public examples of modern iOS exploits to two in as many weeks is wild, so if mobile device security is of interest, be sure to check out the Google write-up.

Another FBI Router Warning

The second too early to be retro – but too important to ignore – repeat security item is a second alert by the FBI cautioning about end-of-life consumer network hardware under active exploitation, with the FBI tracking almost 400,000 device infections so far.

Like the warning two weeks ago, the FBI calls out a handful of consumer routers – but this time they’re devices that may actually still be service in some of our homes (or our less cutting edge friends and family), calling out devices from Netgear, TP-Link, D-Link, and Zyxel:

  • Netgear DGN2200v4 and AC1900 R700
  • TP-Link Archer C20, TL-WR840N, TL-WR849N, and WR841N
  • D-Link DIR-818LW, 850L, and 860L
  • Zyxel EMG6726-B10A, VMG1312-B10D, VMG1312-T20B, VMG3925-B10A, VMG3925-B10C, VMG4825-B10A, VMG4927-B50A, VMG8825-T50K

While many of these devices are over ten years old, they still support modern networking – some of them even supporting 802.11ac (also called Wi-Fi 5).  Unfortunately, since support has been ended by the manufacturers, publicly disclosed vulnerabilities have not been patched (and now never will be, officially) Continue reading “This Week In Security: Second Verse, Worse Than The First”

I, Integrated Circuit

February 4, 2026 by 78 Comments

In 1958, the American free-market economist Leonard E Read published his famous essay I, Pencil, in which he made his point about the interconnected nature of free market economics by following everything, and we mean Everything, that went into the manufacture of the humble writing instrument.

I thought about the essay last week when I wrote a piece about a new Chinese microcontroller with an integrated driver for small motors, because a commenter asked me why I was featuring a non-American part. As a Brit I remarked that it would look a bit silly were I were to only feature parts made in dear old Blighty — yes, we do still make some semiconductors! — and it made more sense to feature cool parts wherever I found them. But it left me musing about the nature of semiconductors, and whether it’s possible for any of them to truly only come from one country. So here follows a much more functional I, Chip than Read’s original, trying to work out just where your integrated circuit really comes from. It almost certainly takes great liberties with the details of the processes involved, but the countries of manufacture and extraction are accurate. Continue reading “I, Integrated Circuit”

A Field Guide To The North American Cold Chain

July 17, 2025 by 22 Comments

So far in the “Field Guide” series, we’ve mainly looked at critical infrastructure systems that, while often blending into the scenery, are easily observable once you know where to look. From the substations, transmission lines, and local distribution systems that make up the electrical grid to cell towers and even weigh stations, most of what we’ve covered so far are mega-scale engineering projects that are critical to modern life, each of which you can get a good look at while you’re tooling down the road in a car.

This time around, though, we’re going to switch things up a bit and discuss a less-obvious but vitally important infrastructure system: the cold chain. While you might never have heard the term, you’ve certainly seen most of the major components at one time or another, and if you’ve ever enjoyed fresh fruit in the dead of winter or microwaved a frozen burrito for dinner, you’ve taken advantage of a globe-spanning system that makes sure environmentally sensitive products can be safely stored and transported.

Continue reading “A Field Guide To The North American Cold Chain”

Hackaday Links Column Banner

Hackaday Links: June 8, 2025

June 8, 2025 by 21 Comments

When purchasing high-end gear, it’s not uncommon for manufacturers to include a little swag in the box. It makes the customer feel a bit better about the amount of money that just left their wallet, and it’s a great way for the manufacturer to build some brand loyalty and perhaps even get their logo out into the public. What’s not expected, though, is for the swag to be the only thing in the box. That’s what a Redditor reported after a recent purchase of an Nvidia GeForce RTX 5090, a GPU that lists for $1,999 but is so in-demand that it’s unobtainium at anything south of $2,600. When the factory-sealed box was opened, the Redditor found it stuffed with two cheap backpacks instead of the card. To add insult to injury, the bags didn’t even sport an Nvidia logo.

The purchase was made at a Micro Center in Santa Clara, California, and an investigation by the store revealed 31 other cards had been similarly tampered with, although no word on what they contained in lieu of the intended hardware. The fact that the boxes were apparently sealed at the factory with authentic anti-tamper tape seems to suggest the substitutions happened very high in the supply chain, possibly even at the end of the assembly line. It’s a little hard to imagine how a factory worker was able to smuggle 32 high-end graphics cards out of the building, so maybe the crime occurred lower down in the supply chain by someone with access to factory seals. Either way, the thief or thieves ended up with almost $100,000 worth of hardware, and with that kind of incentive, this kind of thing will likely happen again. Keep your wits about you when you make a purchase like this.

Continue reading “Hackaday Links: June 8, 2025”

A screenshot of the website, showing various parts from Western manufacturers

How Many Western ICs Are There In Russia’s Weapons?

June 8, 2024 by 60 Comments

Recently, the Ukrainian government has published a database of Western components being used in recently produced Russian armaments, and it’s a fascinating scroll. Just how much does Russia rely on Western manufacturers’ parts? It turns out, a surprising amount. For instance, if you are wondering which ICs are used to build Iran-produced Shahed drones, it seems that it’s a whole bunch of Texas Instruments parts, as well as some Maxim, Intel, and Xilinx ones. Many of the parts in the lists are MCUs and FPGAs, but it’s also surprising how many of the components are jelly bean parts with multiple suppliers.

There appear to be thousands of parts listings, compiled from a good few dozen pieces of equipment that volunteers appear to have taken apart and scrupulously documented – just take a look at the dropdowns at the top of the page. The Ukrainian government is advocating for parts restrictions to be implemented based upon this data – as we all remember, it’s way harder to produce hardware when you can’t buy crucial ICs.

Even for a regular hacker, this database is worth a scroll, if only to marvel at all the regular parts we wouldn’t quite associate with military use. Now, all that’s left is to see whether any of the specific chips pictured have been sold to washing machine manufacturers.

A map of the world with continents in light grey and countries outlined in dark grey. A nuber of yellow and grey circles with cartoon factories on them are connected with curved lines reminiscent of airplane flight paths. The lines have seemingly-arbitrary binary ones and zeros next to them. All of the grey factories are in the Americas, likely since IoP is currently focused on Africa and Europe.

Internet Of Production Alliance Wants You To Think Globally, Make Locally

February 29, 2024 by 19 Comments

With the proliferation of digital fabrication tools, many feel the future of manufacturing is distributed. It would certainly be welcome after the pandemic-induced supply chain kerfuffles from toilet paper to Raspberry Pis. The Internet of Production Alliance (IoP) is designing standards to smooth this transition. [via Solarpunk Presents]

IoP was founded in 2016 to build the infrastructure necessary to move toward a global supply chain based on local production of goods from a global database of designs instead of the current centralized model of production with closed designs. Some might identify this decentralization as part of the Fourth Industrial Revolution. They currently have developed two standards, Open Know-Where [PDF] and Open Know-How.

Open Know-Where is designed to help locate makerspaces, FabLabs, and other spaces with the tools and materials necessary to build a thing. The sort of data collected here is broken down in to five categories: manufacturing facility, people, location, equipment, and materials. Continue reading “Internet Of Production Alliance Wants You To Think Globally, Make Locally”

Hackaday Links Column Banner

Hackaday Links: November 13, 2022

November 13, 2022 by 6 Comments

Talk about playing on hard mode! The news this week was rife with stories about Palmer Luckey’s murder-modified VR headset, which ostensibly kills the wearer if their character dies in-game. The headset appears to have three shaped charges in the visor pointing right at the wearer’s frontal lobe, and would certainly do a dandy job of executing someone. In a blog post that we suspect was written with tongue planted firmly in cheek, Luckey, the co-founder of Oculus, describes that the interface from the helmet to the game is via optical sensors that watch the proceeding on the screen, and fire when a certain frequency of flashing red light is detected. He’s also talking about ways to prevent the removal of the headset once donned, in case someone wants to tickle the dragon’s tail and try to quickly rip off the headset as in-game death approaches. We’re pretty sure this isn’t serious, as Luckey himself suggested that it was more of an office art thing, but you never know what extremes a “three commas” net worth can push someone to.

There’s light at the end of the Raspberry Pi supply chain tunnel, as CEO Eben Upton announced that he foresees the Pi problems resolving completely by this time next year. Upton explains his position in the video embedded in the linked article, which is basically that the lingering effects of the pandemic should resolve themselves over the next few months, leading to normalization of inventory across all Pi models. That obviously has to be viewed with some skepticism; after all, nobody saw the supply chain issues coming in the first place, and there certainly could be another black swan event waiting for us that might cause a repeat performance. But it’s good to hear his optimism, as well as his vision for the future now that we’re at the ten-year anniversary of the first Pi’s release.

Continue reading “Hackaday Links: November 13, 2022”