posted by Fnord666 on Friday March 01 2019, @07:51AM   Printer-friendly
from the the-proof-is-in-the-cracking dept.

Submitted via IRC for SoyCow1984

Supermicro hardware weaknesses let researchers backdoor an IBM cloud server

More than five years have passed since researchers warned of the serious security risks that a widely used administrative tool poses to servers used for some of the most sensitive and mission-critical computing. Now, new research shows how baseboard management controllers, as the embedded hardware is called, threaten premium cloud services from IBM and possibly other providers.

BMCs are motherboard-attached microcontrollers that give extraordinary control over servers inside datacenters. Using the Intelligent Platform Management Interface, admins can reinstall operating systems, install or modify apps, and make configuration changes to large numbers of servers, without physically being on premises and, in many cases, without the servers being turned on. In 2013, researchers warned that BMCs that came preinstalled in servers from Dell, HP, and other name-brand manufacturers were so poorly secured that they gave attackers a stealthy and convenient way to take over entire fleets of servers inside datacenters.

Researchers at security firm Eclypsium on Tuesday plan to publish a paper about how BMC vulnerabilities threaten a premium cloud service provided by IBM and possibly other providers. The premium service is known as bare-metal cloud computing, an option offered to customers who want to store especially sensitive data but don't want it to intermingle on the same servers other customers are using. The premium lets customers buy exclusive access to dedicated physical servers for as long as needed and, when the servers are no longer needed, return them to the cloud provider. The provider, in theory, wipes the servers clean so they can be safely used by another bare-metal customer.

Eclypsium's research demonstrates that BMC vulnerabilities can undermine this model by allowing a customer to leave a backdoor in the BMC that remains active after the server is wiped and reassigned. The backdoor leaves the next customer who receives that server open to a variety of attacks, including data theft, denial of service, and ransomware.
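The article's point is that the provider's wipe covers the disks and the host OS, not the BMC's own flash, so a provisioning pipeline needs its own check on the BMC before a server is handed to the next tenant. The following is an added example written for this page, not code from Eclypsium or IBM. It assumes the pipeline can obtain two things from a returned server: the raw IPMI "Get Device ID" response (NetFn App 0x06, command 0x01, laid out as in the IPMI 2.0 specification) and a dump of the BMC flash contents. The manifest, the "known-good" image, the product ID and the firmware version numbers are all constructed for illustration; only the Supermicro IANA enterprise number (10876) is a real identifier.

```python
# Added example (not from the article): pre-reassignment BMC integrity check.
# Parses an IPMI Get Device ID response to identify the board, then compares
# the dumped flash image against a provider-held known-good hash for that board.
# The manifest, firmware image and version strings below are constructed.
import hashlib
from dataclasses import dataclass


@dataclass
class DeviceId:
    manufacturer_id: int     # IANA enterprise number, 20 bits, LSB first on the wire
    product_id: int          # 16 bits, LSB first
    firmware_rev: str        # "major.minor"; minor is BCD in the spec
    ipmi_version: str        # BCD: 0x02 -> "2.0", 0x51 -> "1.5"
    update_in_progress: bool # bit 7 of firmware revision byte 1


def parse_get_device_id(resp: bytes) -> DeviceId:
    """Parse a Get Device ID response, completion code first (IPMI 2.0 sec. 20.1)."""
    if len(resp) < 12:
        raise ValueError("response too short")
    if resp[0] != 0x00:
        raise ValueError(f"BMC returned completion code 0x{resp[0]:02x}")
    fw1, fw2, ipmi = resp[3], resp[4], resp[5]
    major = fw1 & 0x7F
    minor = f"{(fw2 >> 4) & 0xF}{fw2 & 0xF}"      # BCD digits, e.g. 0x71 -> "71"
    ipmi_ver = f"{ipmi & 0xF}.{ipmi >> 4}"        # low nibble = major, high = minor
    mfg = resp[7] | (resp[8] << 8) | ((resp[9] & 0x0F) << 16)
    prod = resp[10] | (resp[11] << 8)
    return DeviceId(mfg, prod, f"{major}.{minor}", ipmi_ver, bool(fw1 & 0x80))


@dataclass
class Verdict:
    ok: bool
    reasons: list


def check_before_reassignment(dev_id_resp: bytes, flash_image: bytes, manifest: dict) -> Verdict:
    """Refuse to return a server to the pool unless its BMC matches the approved image."""
    reasons = []
    dev = parse_get_device_id(dev_id_resp)
    expected = manifest.get((dev.manufacturer_id, dev.product_id))
    if expected is None:
        return Verdict(False, [f"no approved firmware recorded for mfg={dev.manufacturer_id} "
                               f"product={dev.product_id}"])
    if dev.update_in_progress:
        reasons.append("BMC reports a firmware update in progress; do not trust any reading")
    if dev.firmware_rev != expected["version"]:
        reasons.append(f"reported firmware {dev.firmware_rev} != approved {expected['version']}")
    digest = hashlib.sha256(flash_image).hexdigest()
    if digest != expected["sha256"]:
        # The version string is self-reported and survives a modified image;
        # only a hash of the actual flash contents catches a tampered build.
        reasons.append(f"flash image hash mismatch: {digest[:16]}... != {expected['sha256'][:16]}...")
    return Verdict(not reasons, reasons)


# --- constructed fixtures (stand-ins, not real firmware or a real product ID) ---
SUPERMICRO_PEN = 10876                              # IANA enterprise number for Supermicro
KNOWN_GOOD_IMAGE = bytes(range(256)) * 16           # 4 KiB stand-in for a flash dump
MANIFEST = {
    (SUPERMICRO_PEN, 0x0000): {                     # hypothetical product ID 0
        "version": "3.71",                          # constructed version string
        "sha256": hashlib.sha256(KNOWN_GOOD_IMAGE).hexdigest(),
    },
}


def sample_device_id_response(fw_major: int = 3, fw_minor_bcd: int = 0x71,
                              update: bool = False) -> bytes:
    """Constructed Get Device ID response for the hypothetical board above."""
    fw1 = (fw_major & 0x7F) | (0x80 if update else 0)
    return bytes([
        0x00,                                       # completion code: success
        0x20, 0x01,                                 # device ID, device revision
        fw1, fw_minor_bcd,                          # firmware revision 1 and 2
        0x02,                                       # IPMI version 2.0 (BCD)
        0xBF,                                       # additional device support
        SUPERMICRO_PEN & 0xFF, (SUPERMICRO_PEN >> 8) & 0xFF, (SUPERMICRO_PEN >> 16) & 0x0F,
        0x00, 0x00,                                 # product ID, LSB first
    ])


def tampered_image() -> bytes:
    """Flip one byte of the known-good image: same size, same reported version."""
    img = bytearray(KNOWN_GOOD_IMAGE)
    img[0x800] ^= 0xFF
    return bytes(img)


if __name__ == "__main__":
    print("clean:   ", check_before_reassignment(sample_device_id_response(), KNOWN_GOOD_IMAGE, MANIFEST))
    print("tampered:", check_before_reassignment(sample_device_id_response(), tampered_image(), MANIFEST))
```

Two caveats follow from the design. First, the version check alone is worthless against this attack class: a modified image can report whatever version the attacker likes, which is why the verdict hinges on the hash of the flash contents. Second, if the dump is read through the BMC itself, a compromised BMC can return a clean-looking copy; a trustworthy read needs an out-of-band path to the flash, and a provider that cannot get one should reflash every returned BMC from its own image unconditionally rather than rely on any self-reported state.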

  • (Score: 0) by Anonymous Coward on Friday March 01 2019, @08:32PM (1 child)

    Makes those claims about Supermicro vulnerabilities that Apple and Amazon and so forth all denied that much more plausible.

    Why? This article is not about Supermicro. It's about a class of computers, including all leading brands. The article says that if you misconfigure a BMC, it ... just imagine! ... may become vulnerable.

    The paper's purpose appears to be to give a plausible conclusion to the Supermicro debacle. It started with outlandish claims - someone showed a Minicircuits RF filter and declared that it can exfiltrate information. Failing that, they moved to another accusation - that an Ethernet jack on a Supermicro motherboard was connected to a microprocessor. And now they finalized the story by pointing out that the MCU is the BMC, which is legally installed and documented. The story becomes a non-story. That's how this politically driven media attack ended.

  • (Score: 2) by Hyperturtle on Saturday March 02 2019, @02:28PM

    Yes -- it's about a class of computers that they all admit to using, and deny there is an issue with. They probably are telling the truth if they are actually ignorant of the problems. That's why places pay for security audits, so that they find these things out without having to read about them on the news. Everyone that might have this issue would be expected to deny it -- the stock price would fall if they were to say anything else. It's not like they let the public sector or reporters come in to try to prove a falsehood.

    You're right though, that focus was on a specific type of machine and functionality.

    Lots of machines use this *type* of functionality, and it's often depended on for management purposes when rows of racks of pizza-box-style servers exist for hosting. I have some Lenovo ThinkServers that have "AMT" in them, and even with the servers turned off, I can log in to the BIOS and change stuff around and even lock myself out and do serious harm if I change the network settings. There are things in the AMT like IP addressing (IPv4 and IPv6), host name, NIC duplex/speed settings, installed hardware and such -- things that can be changed that CAN'T be changed with physical keyboard access to the BIOS when hitting F1 to get into the BIOS directly. That changes different options... Even if I did not change things, it provides a detailed layout of the hardware installed (disk drives, third-party NICs, video, RAM type, CPU type, etc.) and makes it easy to search for other flaws with data that didn't even have to be scanned to retrieve -- it can simply be retrieved.

    The possibility to do great damage exists, but that is true of nearly all remote admin tools. It boils down to acceptable risk, and what's acceptable in hardware that is not yours and that you cannot fully manage or control or prevent others from doing the same... that you have chosen to use for cost or convenience purposes. Even when you own, manage, and host it yourself, the convenience of some remote management features can be hard to disable.

    It isn't outlandish that an Ethernet jack on a Supermicro motherboard connected to a 'microprocessor' can be compromised, considering that's pretty much what I just detailed. I remember at one time, when 10Gb NICs were full-length PCIe boards (you can still find them out there for cheap), they were essentially heat-generating computers in a computer.

    And those cards and their computers ran a custom OS that essentially managed the traffic flow. The OS drivers just saw it as a NIC. Someone, somewhere, essentially rooted one with a custom ROM and allowed for packet sniffing and data capture with the ability to transmit the data from the card to wherever, and the system hosting the card had no concept, since it never saw what actually left the card. It required a robust network security model to detect the traffic, since, you know, lots of hardware phones home, manufacturers aren't usually very transparent about what their drivers are sending as telemetry, and few companies seek to audit unknown traffic on things like web-facing blade servers in a shared topology using a 10Gb NIC that is split up virtually among dozens or more hosts that have legit traffic from all over the world. Any mistakes in filtering can ruin a customer's day, and a lot of the time... no one wants to be responsible for any mistakes, and companies actually quiz their hosted clients as to the nature of their traffic.

    Most of that is learned, if it is even learned, over time, so a lot of data collection and transmission could take place in shared topologies like that. Whitelisting a MAC address on the card to prevent it talking to neighbors on a shared network segment doesn't do anything to prevent the card from collecting the data on all the traffic it's permitted to transmit to begin with.