Any official statements regarding malicious firmware discovery?


  • Has Sabrent officially posted any statement, and follow up actions, on the recent supply chain attack that happened involving their own firmware about 6 months ago, as disclosed and discussed (and responded to by an official account of Sabrent's) here and here?

    ---

    I am in charge of procurement of IT equipment at a medium sized company and started looking into buying powered USB hubs for our employees (a few hundred eligible for receiving these hubs). Doing some initial research on the matter, Sabrent came up as the main recommendation from outlets I trust, such as Tom's Hardware, as well as personal contacts.

    However, what also came up in the research were the previously linked discussions about a supply chain attack that happened with their firmware vendor (which is the same as their hardware vendor it seems) just half a year ago.

    Sadly these kinds of things can happen to any company, but it is a measure of quality and trust how they respond to a situation like this. In fact I would trust a company that had something like this happen much more if the opportunity were used to be transparent about what allowed the situation to happen in the first place, and what mechanisms have been put in place to safeguard that it can't happen again in the future.

    But in this instance there doesn't seem to have been any formal statement made from Sabrent on the matter, no information on whether an inquiry took place and what it uncovered. Worst of all, there is no information to be had on what, if any, kind of mechanisms have been put into place to make sure that this doesn't happen again in the future.

    I am writing this out of concern for anyone else in charge of IT equipment procurement that might think of buying Sabrent equipment, and might not come across these recent issues during their research.

    Due to the aforementioned lack of forthcoming information, I will not take a chance on Sabrent for my organization and will now search for other options.



  • @hulid Our posts made on Reddit cover what was found, although perhaps not in a single unified manner. A supplier to the factory which developed the firmware update inadvertently had an old virus/trojan as part of the package. A side issue was that this type of firmware update already uses low-level access which can be falsely flagged. We removed this package from the site and developed a clean firmware update, which we do have, but decided to make a new series of units with a hardware fix with RMAs/replacements given to any customer who asks. The simple change in our chain is that the testing workstations, which for SSDs were run with minimal software to ensure proper performance testing, and any non-Windows design stations, are gone through only after normal channels have ensured complete file/software safety of executable updates.


  • @hulid I appreciate your thorough research and concern regarding the recent firmware supply chain attack involving Sabrent. 😀

