Maybe it is in other parts of the article, but how does this chip work? It's too small to transmit on its own, and any amount of data that it could send would possibly be seen on network traffic. So what does it do exactly?
-
Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.
Bloomberg: Chinese spy chips found in hardware used by Apple, Amazon (and others)
- Thread starter SwampBastard
- Start date
I like how the article basically ends with "Yo btw we bought some motherboards and stuff from them as well but the manufacturer told us everythings cool".
3rd page and I still don't what that chip does on such a small scale, well maybe it's just a bridge from inputs from the device to wi-fi/cell modem. Who know, anyone here has a datasheet? : D
0____oWas just about to make a thread. You should add "US government" to the list of targets in the thread title.
It's so tiny.
Now what?
Reminder that Google, Amazon, and Microsoft etc have to comb ordered hardware for NSA installed backdoors intercepted mid-shipping even if you stay to US-only hardware.
https://www.theverge.com/2013/12/29/5253226/nsa-cia-fbi-laptop-usb-plant-spy
edit: to clarify, this isn't whataboutism, it's to show that it's basically an ongoing arms race.
https://www.theverge.com/2013/12/29/5253226/nsa-cia-fbi-laptop-usb-plant-spy
edit: to clarify, this isn't whataboutism, it's to show that it's basically an ongoing arms race.
It periodically contacts a server for further instructions.
The network traffic and other odd behavior is what caused Apple to look into it.
Makes sense, and glad to see Apple noticed the network traffic.
I wonder if this would be as simple as additional notifications in the OS when something is remotely accessing your system. Since it is just a side door to the main access chip.
Without more details of how this chip supposedly works, I find this whole thing incredibly suspect. Is something so small really capable of what they allege? How did a third-party just "insert" this tiny chip into the motherboard without significant refactoring of the PCB design? What is the extent of the supposed attack vector? They say it provides "a stealth doorway into any network that included the altered machines," but what does that really even mean? Assuming it's all true, simply having access to a network that other devices are on doesn't mean much if good security practices are being followed.
And considering how strong and detailed the denials are from the companies involved, I don't really know who to believe. Who do I trust more, corporate spokespeople or anonymous U.S. national security officials? These days I don't really have much reason to trust either. And who has more to lose with lying about this, anonymous sources who may or may not fully understand what's happening here, or PR people providing statements directly to the press on the record?
And considering how strong and detailed the denials are from the companies involved, I don't really know who to believe. Who do I trust more, corporate spokespeople or anonymous U.S. national security officials? These days I don't really have much reason to trust either. And who has more to lose with lying about this, anonymous sources who may or may not fully understand what's happening here, or PR people providing statements directly to the press on the record?
Geez I dont know whats worse
Chinas economic warfare, Russias Information warfare, the bribery of the middle east
The shady shit going on in the world at the Macro level seems so far beyond a common scrub citizen like myself
Chinas economic warfare, Russias Information warfare, the bribery of the middle east
The shady shit going on in the world at the Macro level seems so far beyond a common scrub citizen like myself
Yes. See also: the remote management stuff inside both Intel and AMD CPUs that can be exploited to give a process root invisibly without you even knowing.
Please. Tell me what phone isn't manufactured in either China or Korea.
What systemboard either isn't assembled, or has chips that are manufactured, outside of the US.
This is the risk you take for lower cost electronics. Most IP cameras are manufactured in China. Most TVs are manufactured in Korea, China, or Mexico.
SuperMicro servers are EVERYWHERE. Scary stuff.
They failed to do in it America first, what they'll do/are doing instead is getting another Five Eyes nation with weaker privacy rights to legislate the back doors in on products used both there and in the states so that the US can simply just conveniently make use of them and can't be challenged on it.
Again, the trade war between China and the US is just part of a larger competition. I don't think US-Chinese relations are ever going back to "normal".
My Galaxy S8 was manufactured in Vietnam.
Japan makes a few phones and it must be stressed that Taiwan, where lots of motherboards are created is not the same as mainland China.
However you're correct in saying that lots of items are manufactured, to spec, in China.
It was a chip outside of spec that got caught. While a western manufacture isn't immune from this sort of thing, they could be more likely to find out than a Chinese company with incentives to add back doors directly by the state.
Super Micro's Stock is down 40%
https://www.google.co.uk/search?q=OTCMKTS:SMCI
That's what a shock crashing actually looks like.
https://www.google.co.uk/search?q=OTCMKTS:SMCI
That's what a shock crashing actually looks like.
â‘ A Chinese military unit designed and manufactured microchips as small as a sharpened pencil tip. Some of the chips were built to look like signal conditioning couplers, and they incorporated memory, networking capability, and sufficient processing power for an attack.
② The microchips were inserted at Chinese factories that supplied Supermicro, one of the world's biggest sellers of server motherboards.
③ The compromised motherboards were built into servers assembled by Supermicro.
â‘Ł The sabotaged servers made their way inside data centers operated by dozens of companies.
⑤ When a server was installed and switched on, the microchip altered the operating system's core so it could accept modifications. The chip could also contact computers controlled by the attackers in search of further instructions and code.
Why?
NSA and GCHQ, tap directly into backbone infrastructure and syphon out data, use backdoors in operating system systems and hardware.
Buying from somewhere don't guarantee shit.
Also, let's be fair .... Almost anyone here ain't worth hacking, so settle down.
Governments trading blows? Who cares, they are all corrupt.
A cyber security analyst on the news this morning said this is essentially injecting malware into the overall system and even if cleaned, because it's hardwired, it can reinject at will. So all it does is the small injection, then presumably the malware works like any other, allowing access for broader interference.
Buying in thd us isnt safe either, they intercept anf indtall their own thing
https://www.cnet.com/news/nsa-reportedly-installing-spyware-on-us-made-hardware/
While my Government continues to sleep with Huawei in every cyber/telecommunication way possible. Huawei are the sole contractor for Fibre in Government and homes alike in my country.
Speak for yourself, I suppose.. my graduate school research has been stolen by the Chinese (more directly in my case) and I'm currently working with one of the largest companies in the world on globally impactful technology. Even discussing my client with my roommate recently made us realize that he had turn off his Huawei phone and stick it another room just to be safe.
Thats impressive, the rice grain was bound to be caught, but embedding the chip in the board may not have left any visible signs.
I'm assuming this means that X-raying boards is now, if it wasn't already, part of examining hardware samples.
Note, the next step in this game is trying to change the design of existing chips to inject change of this type. I assume it happens already for certain Android phones, but getting this into widely used silicon would be an impressive, and concerning, feat.
as an Electrical Engineer this is really fascinating to me, I almost wonder if there isn't something political involved seeing the strong denial by apple/amazon. In order for something like this to be accurate super-micro must have the most shit QC in existence or china had help from the inside, there's just no way something like that would go unnoticed for too long.
Nano-machines son, they hack your phone and send your data to ChinaThats fucking nuts.
god damnit
Nothing will be as bad as the USA so this is just fear mongering, China doesn't oppress me. Spare me the whataboutism replies.
LOL this has been going on for 10+ years on multiple levels.
https://www.zdnet.com/article/cisco-partners-sell-fake-routers-to-us-military/
https://www.zdnet.com/article/cisco-partners-sell-fake-routers-to-us-military/
â‘ A Chinese military unit designed and manufactured microchips as small as a sharpened pencil tip. Some of the chips were built to look like signal conditioning couplers, and they incorporated memory, networking capability, and sufficient processing power for an attack.
② The microchips were inserted at Chinese factories that supplied Supermicro, one of the world's biggest sellers of server motherboards.
③ The compromised motherboards were built into servers assembled by Supermicro.
â‘Ł The sabotaged servers made their way inside data centers operated by dozens of companies.
⑤ When a server was installed and switched on, the microchip altered the operating system's core so it could accept modifications. The chip could also contact computers controlled by the attackers in search of further instructions and code.
I find the alleged chip's capabilities to be incredibly suspect because that is quite literally the size of a 0201 resistor or smaller, with all of those capabilities and few physical IO connections.
Exactly the same boat. I think its more likely that this chip has a means of breaking through the micro-controller encryption in the network adapter and can do encrypted reads from the data buses. That would be as far as I would reasonably expect a device this size to do.
How long until they find a way to stealthily bake this directly into microprocessors where they're no longer a separate, discernable part?
