Maybe it is in other parts of the article, but how does this chip work? It's too small to transmit on its own, and any amount of data that it could send would possibly be seen on network traffic. So what does it do exactly?
Yeah this. I'm not even slightly surprised.When such a large part of the custom board market gets manufactured in China, a country known for its hackers, industrial espionage and disrespect of intellectual property, this was pretty much inevitable. Chinese hardware having a backchannel to their home has been a general half-joking assumption for a long time now, I'm more surprised it took this long to find a major case of clear tampering.
0____oWas just about to make a thread. You should add "US government" to the list of targets in the thread title.
It's so tiny.
It periodically contacts a server for further instructions.Maybe it is in other parts of the article, but how does this chip work? It's too small to transmit on its own, and any amount of data that it could send would possibly be seen on network traffic. So what does it do exactly?
Since the implanted chips were designed to ping anonymous computers on the internet for further instructions, operatives could hack those computers to identify others who'd been affected.
Since the implants were small, the amount of code they contained was small as well. But they were capable of doing two very important things: telling the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code; and preparing the device's operating system to accept this new code. The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off.
Apple made its discovery of suspicious chips inside Supermicro servers around May 2015, after detecting odd network activity and firmware problems, according to a person familiar with the timeline.
China is the single greatest threat to democracy on this planet. I'll keep repeating it. China delenda est.
We deplatformed a true Patriot and now we have no one left to warn us!
It periodically contacts a server for further instructions.
The network traffic and other odd behavior is what caused Apple to look into it.
Without more details of how this chip supposedly works, I find this whole thing incredibly suspect. Is something so small really capable of what they allege? How did a third-party just "insert" this tiny chip into the motherboard without significant refactoring of the PCB design? What is the extent of the supposed attack vector? They say it provides "a stealth doorway into any network that included the altered machines," but what does that really even mean? Assuming it's all true, simply having access to a network that other devices are on doesn't mean much if good security practices are being followed.
And considering how strong and detailed the denials are from the companies involved, I don't really know who to believe. Who do I trust more, corporate spokespeople or anonymous U.S. national security officials?
Yup.Its why no one should ever be buying Chinese designed and made electronics that connect to the internet.
Its why no one should ever be buying Chinese designed and made electronics that connect to the internet.
They failed to do in it America first, what they'll do/are doing instead is getting another Five Eyes nation with weaker privacy rights to legislate the back doors in on products used both there and in the states so that the US can simply just conveniently make use of them and can't be challenged on it.And they failed to do so. China does whatever the fuck it wants with zero regard for any form of human rights whatsoever. At least the US has some regard for human rights.
And IIRC it was about having a law enforcement access thing to unlock phones when a warrant is issued. But they still didn't get it.
My Galaxy S8 was manufactured in Vietnam.Please. Tell me what phone isn't manufactured in either China or Korea.
What systemboard either isn't assembled, or has chips that are manufactured, outside of the US.
This is the risk you take for lower cost electronics. Most IP cameras are manufactured in China. Most TVs are manufactured in Korea, China, or Mexico.
SuperMicro servers are EVERYWHERE. Scary stuff.
Its why no one should ever be buying Chinese designed and made electronics that connect to the internet.
A cyber security analyst on the news this morning said this is essentially injecting malware into the overall system and even if cleaned, because it's hardwired, it can reinject at will. So all it does is the small injection, then presumably the malware works like any other, allowing access for broader interference.3rd page and I still don't what that chip does on such a small scale, well maybe it's just a bridge from inputs from the device to wi-fi/cell modem. Who know, anyone here has a datasheet? : D
We do this shit to.
Got caught flashing BIOS with spyware (China also).
They moved on to board level devices.
We moved on to waffer level.
Also, let's be fair .... Almost anyone here ain't worth hacking,
In one case, the malicious chips were thin enough that they'd been embedded between the layers of fiberglass onto which the other components were attached, according to one person who saw pictures of the chips.
Nano-machines son, they hack your phone and send your data to China
If there ever were a war between the US and China, China would surely be able to shut down most of our infrastructure easily.
Speak for yourself, I suppose.. my graduate school research has been stolen by the Chinese (more directly in my case) and I'm currently working with one of the largest companies in the world on globally impactful technology. Even discussing my client with my roommate recently made us realize that he had turn off his Huawei phone and stick it another room just to be safe.
â‘ A Chinese military unit designed and manufactured microchips as small as a sharpened pencil tip. Some of the chips were built to look like signal conditioning couplers, and they incorporated memory, networking capability, and sufficient processing power for an attack.
② The microchips were inserted at Chinese factories that supplied Supermicro, one of the world's biggest sellers of server motherboards.
③ The compromised motherboards were built into servers assembled by Supermicro.
â‘Ł The sabotaged servers made their way inside data centers operated by dozens of companies.
⑤ When a server was installed and switched on, the microchip altered the operating system's core so it could accept modifications. The chip could also contact computers controlled by the attackers in search of further instructions and code.
I find the alleged chip's capabilities to be incredibly suspect because that is quite literally the size of a 0201 resistor or smaller, with all of those capabilities and few physical IO connections.
Cough, USA, CoughHow long until they find a way to stealthily bake this directly into microprocessors where they're no longer a separate, discernable part?