Secret Chineses spy chips hidden in internet servers

Discussion in 'computers, web and general tech' started by Crispy, Oct 4, 2018.

  1. Crispy

    Crispy The following psytrance is baṉned: All

    Tiny chips smaller than the tip of a pencil were put into server motherboards, in the factory, by a dedicated branch of the PLA. These motherboards found their way into data centers all over the world. They sit behind all other security measures and allow unfettered access to the compromised machines.



    The (American owned and run, but Chinese manufactured) server company in question's stock price:

    8ball and mrs quoad like this.
  2. Saul Goodman

    Saul Goodman It's all good, man

    That's excellent. Proper spy shit :D
    Pickman's model likes this.
  3. S☼I

    S☼I I don't want your poxy mint

    "Hmmmm....we see this user from North East Lincolnshire spends an inordinate amount of time on Friday evenings searching for information on guitars, videos of 1980s football and browsing niche forums on space simulators and baby-eating"
  4. mrs quoad

    mrs quoad Well-Known Member

    Chips :cool:
    Enviro and gentlegreen like this.
  5. Riklet

    Riklet procrastinación

    No surprise they're all denying it. No idea what to think... how can Bloomberg prove it?

    Apparently it got discovered back in 2015 btw. :hmm:
  6. Crispy

    Crispy The following psytrance is baṉned: All

    Well the journalist seems to have multiple corroborating sources, and there's nothing technically unfeasible about it all. I'd be more surprised if this sort of thing didn't happen.
    Enviro, pogofish and sealion like this.
  7. stdP

    stdP I never learn.

    <putting my sysadmin hat on top of my network security analyst beret, beneath both of which sits my regular cynical geek toupée>

    There's plenty about the claims that don't make much in the way of any sense.

    Easier by far to either a) hide backdoors in the BMC* firmware [this is all closed-source stuff so not that difficult to hide well by obfuscation] and/or b) modify the silicon of the BMC chips themselves [these are sealed in epoxy and thus you'd really need to decap and physically inspect with a microscope to spot any major differences from the original mask].

    If the hack is indeed related to the BMC then the company that makes it, ASPEED, also supplies Tyan, Asus and Gigabyte server/B2B server equipment, many of which also share the same factories. Given that as well as making whitebox servers and motherboards, Supermicro hardware forms the basis for a lot of specialised hardware appliances so any breach of this regard could have potentially huge impact. Normally for a hardhack of this ingenuity, magnitude, supposed commonality and security implications I would have expected to see people falling over themselves to publish hard evidence - X-ray or IR photography of the chip in question, literally picking the motherboard apart if need be, network traces of the CnC traffic, that sort of thing. Until I see some of that I remain sceptical that this isn't some yellow-peril-cum-short-selling concoction.

    Not that I'm saying this sort of hack isn't possible; as Crispy points out it totally is. But from where I'm sitting there's a number of important details absent from the story as well as other attack vectors that are harder to detect and easier to implement and I worry it's being too sensationalised.

    <mandatory disclaimer - I personally own a number of Supermicro motherboards>

    * BMC = Baseboard Management Controller, an out-of-band management chip typically found on server boards (HP iLO and Dell iDRAC also being examples of BMCs); it essentially provides remote keyboard/video/mouse access as well as other remote management functions, and it commonly runs "always on" in its own discrete chip, usually without auditable source code. Because of its elevated and low-level access it's almost always regarded as a security accident waiting to happen, and thus everywhere I've worked has always kept the BMCs on a locked-down management network with no internet ingress or egress. Of course the BMC usually also has its fingers in the pies of the onboard NICs (typically also not with direct internet access but not as locked down as the management network) so there is a possibility of cross-talk... but again without any hard evidence we could guess at possible attack surfaces all day...
    Last edited: Oct 9, 2018
    MrSpikey, salem, Crispy and 5 others like this.
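    stdP's point about keeping BMCs on a locked-down management network with no internet ingress or egress implies a simple detection check: any flow whose source is a BMC address and whose destination is outside that network (let alone on the internet) is exactly the "CnC traffic" trace the post says it wants to see. The following is an added example, not code from the thread or from any vendor; the flow-log format, the 10.99.0.0/24 management range and the allowed jump-host subnet are all assumed.

```python
import ipaddress

# Constructed sample flow records in a simple key=value export format (not from any
# real collector). 10.99.0.0/24 is the hypothetical out-of-band BMC management network.
SAMPLE_LOG = """\
2018-10-04T21:13:01Z src=10.99.0.11 dst=10.99.0.2 dport=443 bytes=5120
2018-10-04T21:13:02Z src=10.99.0.11 dst=10.99.0.5 dport=623 bytes=880
2018-10-04T21:13:05Z src=10.99.0.14 dst=203.0.113.7 dport=443 bytes=2048
2018-10-04T21:14:05Z src=10.99.0.14 dst=203.0.113.7 dport=443 bytes=1024
2018-10-04T21:14:09Z src=10.1.2.3 dst=198.51.100.9 dport=443 bytes=9000
2018-10-04T21:14:30Z src=10.99.0.20 dst=10.5.5.5 dport=53 bytes=120
"""

MGMT_NET = "10.99.0.0/24"        # where the BMCs live (assumed)
ALLOWED_NETS = ["10.99.1.0/24"]  # e.g. a jump-host / monitoring subnet (assumed)
INTERNAL_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def parse_flows(text):
    """Turn key=value flow lines into dicts; malformed lines are skipped, not fatal."""
    flows = []
    for line in text.splitlines():
        fields = dict(kv.split("=", 1) for kv in line.split()[1:] if "=" in kv)
        try:
            flows.append({"src": fields["src"], "dst": fields["dst"],
                          "dport": int(fields["dport"]), "bytes": int(fields["bytes"])})
        except (KeyError, ValueError):
            continue
    return flows

def find_bmc_egress(flows, mgmt_net=MGMT_NET, allowed_nets=ALLOWED_NETS, internal_nets=INTERNAL_NETS):
    """Aggregate BMC-sourced flows that leave the management network, keyed by (src, dst, port)."""
    mgmt = ipaddress.ip_network(mgmt_net)
    allowed = [ipaddress.ip_network(n) for n in allowed_nets]
    internal = [ipaddress.ip_network(n) for n in internal_nets]
    findings = {}
    for f in flows:
        src, dst = ipaddress.ip_address(f["src"]), ipaddress.ip_address(f["dst"])
        if src not in mgmt:
            continue                      # only BMC-side sources are in scope
        if dst in mgmt or any(dst in n for n in allowed):
            continue                      # expected management-plane traffic
        # Internet-bound is the worst case: a BMC should never reach outside the site.
        severity = "lateral" if any(dst in n for n in internal) else "internet"
        entry = findings.setdefault((f["src"], f["dst"], f["dport"]),
                                    {"flows": 0, "bytes": 0, "severity": severity})
        entry["flows"] += 1
        entry["bytes"] += f["bytes"]
    return findings

if __name__ == "__main__":
    for (src, dst, port), info in sorted(find_bmc_egress(parse_flows(SAMPLE_LOG)).items()):
        print(f"{info['severity']:8} {src} -> {dst}:{port} flows={info['flows']} bytes={info['bytes']}")
```

On the constructed sample this reports one "internet" finding (a BMC talking to 203.0.113.7) and one "lateral" finding (a BMC resolving DNS outside the management network), which is the kind of cross-talk the post worries about.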
  8. editor

    editor Taffus Maximus

    "Secret Chineses"?
    Enviro and Crispy like this.
  9. yield

    yield zero

  10. stdP

    stdP I never learn.

    If people are prepared to read a by-geeks-for-geeks account, Serve The Home have had a couple of good articles on this (like me coming from a sceptical point of view) including an interview with one of the security researchers involved.

    Original post pointing out how many points of the Bloomberg article don't make a huge deal of sense
    Bloomberg Reports China Infiltrated the Supermicro Supply Chain We Investigate

    Interview with Yossi Appleboum
    Yossi Appleboum Disagrees with How Bloomberg is Positioning His Research Against Supermicro

    Forum discussion from lots of people like me
    Bloomberg Reports China Infiltrated the Supermicro Supply Chain We Investigate

    Still sounds like a regular BMC vuln (two a penny TBH) to me rather than a hardhack - one of the people writing in that thread was one of those involved in discovering the so-called "iDRACula" vuln in Dell BMCs, quite by accident - worth a read if you find the anatomy of a BMC interesting, and Supermicro don't have nearly as many firmware crypto checks as Dell do.

    : twiddles thumbs waiting for evidence :
    yield and Crispy like this.
  11. Lepton

    Lepton Enişte

    look here and play the markets
