With all the attention on counterfeit electronic components, it's easy to overlook the vulnerabilities of other supply chains in the computing industry. A recent Gartner report calls attention to the importance of investigating the supply chains of software, services, and even data. The report warns that the "IT supply chain" has become alarmingly insecure. One example the report cites is the admission in May 2012 by Chinese mobile-phone maker ZTE that one model of its Android phone had a backdoor installed in its software. The backdoor, which was found only in smartphones shipped to the United States, allowed installation of arbitrary applications and full access to any data stored on the phone. There could be other smart-phones with similar vulnerabilities, says the report.
展开▼