posted by takyon on Thursday October 04 2018, @03:00PM
from the Cyberwarfare dept.

Chinese spy chips are found in hardware used by Apple, Amazon, Bloomberg says; Apple, AWS say no way

The chips, which Bloomberg said have been the subject of a top secret U.S. government investigation starting in 2015, were used for gathering intellectual property and trade secrets from American companies and may have been introduced by a Chinese server company called Super Micro that assembled machines used in the centers.

[...] China has long been suspected — but rarely directly implicated — in en masse spy campaigns based on hardware made there. The majority of electronic components used in U.S. technology are manufactured in China. Companies including component manufacturers Huawei and ZTE, as well as surveillance camera maker Hikvision, have all fallen under intense suspicion and scrutiny from the U.S. government in the past year.

I'd think that the big guys would be designing their own boards. Maybe we should only buy PCBs from South Korea.

Also at Bloomberg and The Guardian.


  • (Score: 5, Insightful) by Runaway1956 on Thursday October 04 2018, @03:18PM (5 children)

    by Runaway1956 (2926) Subscriber Badge on Thursday October 04 2018, @03:18PM (#744121) Journal

    I presume that the companies named are about as competent as anyone, when it comes to securing their networks. If servers were phoning home to China, no one would notice? No one at all? Maybe not on public-facing machines, but how about those not serving the public? No one ever looked at logs? Strange. I don't think the story is very credible.

  • (Score: 4, Informative) by Spamalope on Thursday October 04 2018, @03:41PM

    by Spamalope (5233) on Thursday October 04 2018, @03:41PM (#744146) Homepage

    It's a tiny hardware hack. It wasn't phoning home to anyone. It would have done something to enable the sort of attack used with a buffer overflow, without needing the overflow to write into program storage so you could bypass password protection or the like. I.e., make the server vulnerable to an injection attack at the hardware level.

    Any other malware activity would be on the part of a payload dropped afterwards. If they're good, that'll only be exfiltrating small amounts of data, and only with legit data. (Or I guess - one-time things - misconfigure the VM backup replication target to point to the attacker's server for one replication cycle, then restore the original settings if not caught.)

    But done well, it could look like software zero day exploits being used to the victims. (if you're using Adobe products, are you shocked if there appears to be another vulnerability? again?)

  • (Score: 4, Insightful) by Anonymous Coward on Thursday October 04 2018, @05:19PM

    by Anonymous Coward on Thursday October 04 2018, @05:19PM (#744189)

    "If servers were phoning home to China, no one would notice?"

    This is a needle-in-a-haystack problem that is created partly by the CDNs. They don't have to phone home to China, they only have to phone home to a CDN, which can then proxy the data back to China. The content looks like any other SSL-encoded web query, since the CDN is used by a large number of vendors at the same time. Kind of like a reverse VPN provider. But there are a lot of other ways to do it.

    This is one of the problems that has been created by the "network management" (a.k.a. monopoly) techniques used by a lot of the carriers. The more the CDNs aggregate traffic, the more difficult it becomes to separate the wheat from the chaff for individual security admins. And having worked for a big carrier, I can tell you from experience that customer exploitation is the rule, and client security is a joke. The only people they do traffic analysis for voluntarily are advertisers and consumer profiling agencies.

    NN is a factor here. The carriers moving towards walled gardens would actually make this problem worse because it would mean a higher reliance on CDN traffic, vs. direct traffic delivery. So in this case supporting NN also supports national security in a very practical day-to-day troubleshooting kind of way. That difference is quantified by having thousands of individual security admins analyzing traffic vs. four guys with Slurpees in a telecom basement in NYC, whose default response is pretty much "fuck off, I'm busy". And the reason they'd get away with it is because they answer to management that supports that attitude, because customer loss prevention doesn't generate revenue.

    IOW, do you really want to be calling Comcast to be figuring out where your traffic goes, or would you rather depend on your own network analysis tools?

  • (Score: 2, Informative) by Anonymous Coward on Thursday October 04 2018, @06:14PM (1 child)

    by Anonymous Coward on Thursday October 04 2018, @06:14PM (#744222)

    1) Victims claim it's fake news: https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond [bloomberg.com]
    2) Adding an _additional_ tiny chip to do all of what is claimed sounds rather implausible:

    the malicious chips were thin enough that they’d been embedded between the layers of fiberglass onto which the other components were attached, according to one person who saw pictures of the chips

      a) The chip would need to be connected to stuff. Changing the tracking is not always a small change or possible.
      b) In contrast if you instead modified existing stuff (e.g. existing chips for Intel AMT, BIOS, NICs, southbridge, etc), it would already be connected to the tracks and hardware you need, and the bean counters, security auditors and other annoyances will be far less likely to spot your changes. The existing stuff would do the bulk of the work for you.

    That said Intel has added USB debugging: https://www.scmagazineuk.com/debugging-mechanism-intel-cpus-allows-seizing-control-via-usb-port/article/1475548 [scmagazineuk.com]

    So you could possibly add something to a USB line, but like I said it should be far easier to hide it elsewhere in existing hardware and you'd likely get more "features and capabilities".

    • (Score: 0) by Anonymous Coward on Friday October 05 2018, @03:53PM

      by Anonymous Coward on Friday October 05 2018, @03:53PM (#744659)

      The description suggests to me that they were under an existing package. Essentially a hardware MITM attack, with leads probably just connected directly to the package leads.

      Sounds like it might have been under a non-integrated NIC chip, or under the RJ45 jack itself. Cool. Of course they probably got the idea after ripping apart a few of their own machines and discovered a little gift, courtesy of the NSA.

  • (Score: 2) by sonamchauhan on Sunday October 07 2018, @02:48AM

    by sonamchauhan (6546) on Sunday October 07 2018, @02:48AM (#745336)

    This chip is connected to the baseband management controller. Among other things, it snoops on all network packets. Send it a few pre-agreed, well-crafted bytes, and it could start doing stuff.
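The two comments above raise the same defensive question from different angles: a management-controller implant that proxies through a CDN would look like ordinary TLS, so the thing to alert on is not the port or the volume but the destination. The check below is an added example, not code from any commenter or from the article; the flow-log format, the BMC subnet and the allowlist are constructed assumptions, and the off-site address is a documentation-range placeholder.

```python
"""Flag outbound flows from a server management (BMC) network to hosts that are
not on an expected allowlist. Added example; format, subnet and allowlist are
constructed assumptions, not values from the discussion above."""
import ipaddress
from collections import defaultdict

# Assumption: BMC interfaces sit in this subnet and should only talk to the
# in-house jump host (10.10.1.5) and the SNMP/monitoring collector (10.10.1.6).
BMC_SUBNET = ipaddress.ip_network("10.99.0.0/24")
ALLOWED_DST = {"10.10.1.5", "10.10.1.6"}

# Constructed sample flow records (simplified NetFlow-like CSV):
# src,dst,dst_port,bytes_out. 203.0.113.10 stands in for a CDN edge node.
SAMPLE_FLOWS = """\
10.99.0.21,10.10.1.5,443,1820
10.99.0.21,10.10.1.6,162,240
10.99.0.22,203.0.113.10,443,930
10.99.0.22,203.0.113.10,443,1100
10.99.0.23,10.10.1.5,22,5200
10.10.5.7,203.0.113.10,443,120000
"""


def parse_flows(text):
    """Parse the constructed CSV into (src, dst, port, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, port, nbytes = line.split(",")
        flows.append((src, dst, int(port), int(nbytes)))
    return flows


def suspicious_bmc_flows(flows, bmc_subnet=BMC_SUBNET, allowed=ALLOWED_DST):
    """Return {src: [(dst, port, bytes), ...]} for BMC-sourced flows to any
    destination not on the allowlist. Port 443 and small byte counts are
    deliberately not treated as a pass: a CDN-fronted destination looks like
    ordinary HTTPS, so only the destination allowlist decides."""
    hits = defaultdict(list)
    for src, dst, port, nbytes in flows:
        if ipaddress.ip_address(src) not in bmc_subnet:
            continue  # ordinary host traffic; out of scope for this check
        if dst in allowed:
            continue
        hits[src].append((dst, port, nbytes))
    return dict(hits)


if __name__ == "__main__":
    for src, dsts in suspicious_bmc_flows(parse_flows(SAMPLE_FLOWS)).items():
        print(src, "->", dsts)
```

The large 443 flow from 10.10.5.7 is ignored on purpose: it comes from a production host, not the management network, which is exactly why the BMC segment needs its own narrower baseline.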