Slash Boxes

SoylentNews is people

posted by mrpg on Sunday October 07 2018, @08:32AM   Printer-friendly
from the our-fortune-looks-bleak dept.

Following up on our story from Thursday — Chinese Spy Chips Allegedly Inserted Into Amazon, Apple, etc. Datacenters by Super Micro — there is a report from Ars Technica Bloomberg stands by Chinese chip story as Apple, Amazon ratchet up denials:

On Thursday morning, Bloomberg published a bombshell story claiming that the Chinese government had used tiny microchips to infiltrate the data centers of Apple and Amazon. Apple and Amazon, for their part, responded with unusually specific and categorical denials. It's clear that someone is making a big mistake, but 24 hours later, it's still not clear whether it's Bloomberg or the technology companies.

On Thursday afternoon, Apple laid out its case against the story in a lengthy post on its website. The post specifically disputed a number of Bloomberg's claims. For example, Bloomberg says that after discovering a mysterious chip in one of its servers, Apple "reported the incident to the FBI," leading to an investigation. Apple flatly denies that this occurred.

"No one from Apple ever reached out to the FBI about anything like this," Apple writes. "We have never heard from the FBI about an investigation of this kind."

Amazon's response has been equally emphatic and detailed. "There are so many inaccuracies in ‎this article as it relates to Amazon that they're hard to count," Amazon wrote on Thursday. "We never found modified hardware or malicious chips in servers in any of our data centers."

Yet Bloomberg reporter Jordan Robertson, one of the article's co-authors, has stood by his story. In a Thursday afternoon appearance on Bloomberg TV, Robertson said that he talked to 17 anonymous sources—both in US intelligence agencies and at affected companies—who confirmed the story.

So what's going on? It's clear that someone isn't telling the truth, but it's hard to tell what the real story is.

A comment to that story on Ars noted:

The (alleged) chip is associated with the BMC (baseboard management controller). It has indirect access to everything that the BMC can touch, which is pretty much everything in the system.

See, also, coverage on Hackaday where a comment identifies the particular board in question as being a MicroBlade MBI-6128R-T2. A link to a tweet reveals a picture of the board in question and a followup picture showing where the extra device would be located.

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Informative) by driverless on Sunday October 07 2018, @10:01AM (2 children)

    by driverless (4770) on Sunday October 07 2018, @10:01AM (#745437)

    Except - I just unplugged my IPMI, so it has no dedicated network path.

    Does whatever you unplugged have any other network interface? If it does, IPMI will take over that and respond to a secret-knock handshake on it.

    No, I'm not making that up. You don't need any sikrit Chineeze backdoors in your servers when you've got IPMI already built in by the vendor.

    Which is also what makes the whole Bloomberg story astoundingly unlikely. Why add an easily-detected back door when the vendor has already left the front door wide open.

    Starting Score:    1  point
    Moderation   +3  
       Insightful=1, Informative=2, Total=3
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 0) by Anonymous Coward on Sunday October 07 2018, @10:31AM

    by Anonymous Coward on Sunday October 07 2018, @10:31AM (#745447)

    Stuff like IPMI is indeed pretty much a backdoor, but supposedly it can be secured.

    This chip provides replacement firmware. It phones home under some circumstances. We don't know what else it does, but an obvious choice would be to add a hardcoded second password.

  • (Score: 2) by Runaway1956 on Sunday October 07 2018, @10:52AM

    by Runaway1956 (2926) Subscriber Badge on Sunday October 07 2018, @10:52AM (#745450) Homepage Journal

    Well, I should clarify that my board is an old board - it isn't even under consideration here. But, I don't use IPMI, so I unplugged the IPMI. In my case, IPMI is a card, which plugs into the board through a PCI interface. If I'm using IPMI, it MUST be plugged into the first PCI slot, but if I'm not using IPMI, then the PCI acts as any otehr PCI.

    Things are a little crowded inside the box - or more accurately, things are crowded together right in that area of the box. Removing the IPMI makes zero sense for people who need IPMI, but for me, it makes perfect sense. The card lies in the bottom of the case.

    I suppose I should note, for those who don't have IPMI, that the card has it's own dedicated networking plugin. It listens, even when the computer is powered off, for incoming commands. If the card were plugged in, I could run ethernet directly from that card, to the router. Then, I would probably never see if the IPMI were communicating directly with the aliens on the dark side of the moon, let alone the Chinese or the Russians. The only way to monitor that would be to monitor the router.

    Don’t confuse the news with the truth.