Two major pillars of NXP's sales strategy are their security architecture and integration with other NXP devices (primarily connectivity ICs since the Marvell Wi-fi acquisition).
They are typically more expensive than competitors (Infineon, TI, ST, etc). This is due to their strategy to only compete in markets where they believe they can command a healthy profit margin.
Going to be a difficult strategy to maintain in a few years when there are identical products from China for 1/2 the cost...
Ransomware attack could have been better option for NXP. It would likely be over quickly and force them to take security seriously. Now, they were bleeding industrial and trade secrets for more than a year.
It's hard to argue against the proposition that ransomware is a canary for security vulnerabilities. Depending on how much commercial espionage it reduces, it may be a net cost saving in the long-run.
> It's likely the TA knows of specific flaws reported to NXP that can be leveraged to exploit devices the chips are embedded in, and that's assuming they didn't implement backdoors themselves. Over 2.5 years (at least), that's not unrealistic.”
I assume these chips had backdoors long before Chinese hackers started collecting files and saving them to dropbox. Pretty convenient to be able to blame Chinese hackers for any backdoors that come to light now.
With "cloud" services being mentioned, they say hackers used cloud storage to evade detection, but what if the initial intrusion vector itself was planted by an AWS employee?
Saudis used their nationals inside Twitter quite brazenly. Imagine how many other rouge nation nationals are there being used by their governments.
these 3rd world authoritarian regimes try to do this all the time, for example Russia routinely tries to recruit russian-speaking engineers at US/EU companies for industrial espionage. for example [1]
there are more cases that nobody publishes about - a lot of "ransomware" incidents - are actually employee who suddenly received email with malicious URL and clicked on it infecting his work computer - gaining plausable deniability by being "dumb IT user" while collecting $$$$ from criminal org for granting them initial access.
a lot of smaller/obscure outsource IT companies can cause you ransomware incident if you decide to terminate software development contract with them, because these could be literally North Korean hackers working as your sysadmins [2].
Do you know something the authors of the article and / or the security researchers don't know? Does it matter to you personally, or are you just sowing doubt and mistrust for reasons?
He doesn’t know that some of Intel’s most valuable intellectual property came out of acquired Israeli companies and their Israeli development centre was established in 1974.
I guess we figured out how one nation-state got transparency from NXP.