Following up on our story from Thursday, "Chinese Spy Chips Allegedly Inserted Into Amazon, Apple, etc. Datacenters by Super Micro", there is a report from Ars Technica, "Bloomberg stands by Chinese chip story as Apple, Amazon ratchet up denials":
On Thursday morning, Bloomberg published a bombshell story claiming that the Chinese government had used tiny microchips to infiltrate the data centers of Apple and Amazon. Apple and Amazon, for their part, responded with unusually specific and categorical denials. It's clear that someone is making a big mistake, but 24 hours later, it's still not clear whether it's Bloomberg or the technology companies.
On Thursday afternoon, Apple laid out its case against the story in a lengthy post on its website. The post specifically disputed a number of Bloomberg's claims. For example, Bloomberg says that after discovering a mysterious chip in one of its servers, Apple "reported the incident to the FBI," leading to an investigation. Apple flatly denies that this occurred.
"No one from Apple ever reached out to the FBI about anything like this," Apple writes. "We have never heard from the FBI about an investigation of this kind."
Amazon's response has been equally emphatic and detailed. "There are so many inaccuracies in this article as it relates to Amazon that they're hard to count," Amazon wrote on Thursday. "We never found modified hardware or malicious chips in servers in any of our data centers."
Yet Bloomberg reporter Jordan Robertson, one of the article's co-authors, has stood by his story. In a Thursday afternoon appearance on Bloomberg TV, Robertson said that he talked to 17 anonymous sources—both in US intelligence agencies and at affected companies—who confirmed the story.
So what's going on? It's clear that someone isn't telling the truth, but it's hard to tell what the real story is.
A comment to that story on Ars noted:
The (alleged) chip is associated with the BMC (baseboard management controller). It has indirect access to everything that the BMC can touch, which is pretty much everything in the system.
See, also, coverage on Hackaday where a comment identifies the particular board in question as being a MicroBlade MBI-6128R-T2. A link to a tweet reveals a picture of the board in question and a followup picture showing where the extra device would be located.
(Score: 2, Insightful) by Anonymous Coward on Monday October 08 2018, @06:34AM (1 child)
How so? China already makes/supplies/assembles many of the chips used in a computer. e.g. the south bridge stuff, even some Intel NICs are made in China.
Why add chips when they can just replace existing chips with modified versions? Especially when the existing chips would already be connected to all the relevant tracks or I/O (e.g. network interface).
The Bloomberg article had claims like some "pencil tip sized" chips being found between motherboard fibreglass layers... Think about how much more inconvenient it would be to get those to pwn a computer, compared to just modifying a southbridge chip (which already has so much junk in it). It's harder to detect such changes to a southbridge chip compared to detecting those changes to a motherboard. Why do stuff in a harder, more detectable way?
It's not so plausible when you know how stuff works.
Even more plausible is that it was a false flag - a TLA did it and made it detectable, but Apple etc. figured out who it really was and so they got NSLed into denying it ever happened.
(Score: 2) by urza9814 on Tuesday October 09 2018, @02:59PM
The more complicated chips involve firmware blobs, and they might not have access to the source code for that. They could reverse-engineer something equivalent, but that's going to be a lot of work and more easily noticed.
They also might not want the manufacturer to know -- or at least not right away. It's probably pretty hard to get an identical Intel chip with modified software installed on a shipped board without *someone* at Intel knowing about it. But you could intercept a standard shipment (while it's in customs perhaps), add your spy chip, and send it back out without involving a single employee at the manufacturer or the recipient, which significantly reduces the risk of getting caught. If the new chip is included on the circuit board or solder mask, that's a bit less likely, but it's still possible that they didn't want to involve the manufacturer in initial experiments/testing of the concept, or they don't want to give any information beyond "Install the chips that we are going to provide" without anyone having the knowledge of exactly what those chips do. You definitely don't want to start your super secret spy project by explaining the whole thing to some corporate CxOs to see if they can do it. People are going to know about that spy project before the product even ships.
And on top of that, I'd imagine that the spy chip method could be more versatile. The external interfaces to various processors and bridge chips are likely to be more stable and standardized than the chip internals, so that might let you build one spy chip that works on a larger variety of systems.