Stories
Slash Boxes
Comments

SoylentNews is people

Chinese Spy Chips Allegedly Inserted Into Amazon, Apple, etc. Datacenters by Super Micro

posted by takyon on Thursday October 04 2018, @03:00PM   Printer-friendly
from the Cyberwarfare dept.

hellcat writes:

Chinese spy chips are found in hardware used by Apple, Amazon, Bloomberg says; Apple, AWS say no way

The chips, which Bloomberg said have been the subject of a top secret U.S. government investigation starting in 2015, were used for gathering intellectual property and trade secrets from American companies and may have been introduced by a Chinese server company called Super Micro that assembled machines used in the centers.

[...] China has long been suspected — but rarely directly implicated — in en masse spy campaigns based on hardware made there. The majority of electronic components used in U.S. technology are manufactured in China. Companies including component manufacturers Huawei and ZTE, as well as surveillance camera maker Hikvision, have all fallen under intense suspicion and scrutiny from the U.S. government in the past year.

I'd think that the big guys would be designing their own boards. Maybe we should only buy PCBs from South Korea.

Also at Bloomberg and The Guardian.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Chinese Spy Chips Allegedly Inserted Into Amazon, Apple, etc. Datacenters by Super Micro | Log In/Create an Account | Top | 36 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2, Informative) by Anonymous Coward on Thursday October 04 2018, @06:14PM (1 child)

    by Anonymous Coward on Thursday October 04 2018, @06:14PM (#744222)

    1) Victims claim it's fake news: https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond [bloomberg.com]
    2) Adding an _additional_ tiny chip to do all of what is claimed sounds rather implausible:

    the malicious chips were thin enough that they’d been embedded between the layers of fiberglass onto which the other components were attached, according to one person who saw pictures of the chips

      a) The chip would need to be connected to stuff. Changing the tracking is not always a small change or possible.
      b) In contrast if you instead modified existing stuff (e.g. existing chips for Intel AMT, BIOS, NICs, southbridge, etc), it would already be connected to the tracks and hardware you need, and the bean counters, security auditors and other annoyances will be far less likely to spot your changes. The existing stuff would do the bulk of the work for you.

    That said Intel has added USB debugging: https://www.scmagazineuk.com/debugging-mechanism-intel-cpus-allows-seizing-control-via-usb-port/article/1475548 [scmagazineuk.com]

    So you could possibly add something to a usb line, but like I said it should be far easier to hide it elsewhere in existing hardware and you'd likely get more "features and capabilities".

    Starting Score:    0  points
    Moderation   +2  
       Interesting=1, Informative=1, Total=2
    Extra 'Informative' Modifier   0  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Friday October 05 2018, @03:53PM

    by Anonymous Coward on Friday October 05 2018, @03:53PM (#744659)

    The description suggests to me that they were under an existing package. Essentially a hardware MITM attack, with leads probably just connected directly to the package leads.

    Sounds like it might have been under a non-integrated NIC chip, or under the RJ45 jack itself. Cool. Of course they probably got the idea after ripping apart a few of their own machines and discovered a little gift, courtesy of the NSA.