News Focus

Re: fuagf post# 290691

Monday, 10/08/2018 3:14:28 AM

The China SuperMicro Hack: About That Bloomberg Report

"The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies"

By Nicholas Weaver

Thursday, October 4, 2018, 3:09 PM

[...]

The attack reportedly focused on the Baseboard Management Controller (BMC), essentially a second small computer built into the server. The BMC implements the Intelligent Platform Management Interface, a tool enabling a remote administrator to reset the computer, reinstall the operating system, and perform other tasks without needing physical access. It is effectively “god,” able to take over the computer entirely.

[...]

It’s worth noting that Apple, Amazon and SuperMicro have all provided Bloomberg with very strong denials. That kind of pushback from those kinds of companies (or rather those kinds of company lawyers) is a good reason to approach this story with a degree of skepticism until more information comes out. But keeping that in mind, the attack described in the article is actually plausible. SuperMicro specializes in computer server hardware and offers two advantages over other vendors: an ability to customize servers for mass installations and a somewhat lower cost than the competition. SuperMicro sells over $2 billion a year worth of servers, both under their own label and as the basis of “appliances” sold by others.

Robertson and Riley report a scheme in which Chinese intelligence bribed, threatened or cajoled at least four separate subcontracted manufacturing facilities in China to modify the design of SuperMicro server motherboards to include a small chip—smaller than a grain of rice—that would insert the backdoor into the BMC.

This scheme is less crazy than it might seem. Modern circuit boards are filled with small support chips, and the backdoor chip would appear to be just another faceless component to all but the most detailed examination. And while the Bloomberg article doesn’t go into the mechanics of how this would work, there’s one likely culprit: the serial EEPROM chip or a serial FLASH chip, which is used to store program and other instructions used during the startup process. The BMC itself loads at least some data from such a chip, which itself needs only two wires to communicate—so it would only take two connections for a rogue chip to mask the contents of a SEEPROM or SPI FLASH, replacing the contents and thereby corrupting the BMC by installing the backdoor code.

Serial EEPROMs can be nearly microscopic:

With links - https://www.lawfareblog.com/china-supermicro-hack-about-bloomberg-report




It was Plato who said, “He, O men, is the wisest, who like Socrates, knows that his wisdom is in truth worth nothing”
