Secret Chineses spy chips hidden in internet servers

Discussion in 'computers, web and general tech' started by Crispy, Oct 4, 2018.

  1. Crispy

    Crispy The following psytrance is baṉned: All

    Tiny chips smaller than the tip of a pencil were put into server motherboards, in the factory, by a dedicated branch of the PLA. These motherboards found their way into data centers all over the world. They sit behind all other security measures and allow unfettered access to the compromised machines.


    Bloomberg - Are you a robot?

    The (American owned and run, but Chinese manufactured) server company in question's stock price:

    moochedit, 8ball and mrs quoad like this.
  2. Saul Goodman

    Saul Goodman It's all good, man

    That's excellent. Proper spy shit :D
    moochedit, tim and Pickman's model like this.
  3. S☼I

    S☼I there must be something wrong, boys

    "Hmmmm....we see this user from North East Lincolnshire spends an inordinate amount of time on Friday evenings searching for information on guitars, videos of 1980s football and browsing niche forums on space simulators and baby-eating"
    moochedit, tim, Enviro and 3 others like this.
  4. mrs quoad

    mrs quoad Well-Known Member

    Chips :cool:
    Enviro and gentlegreen like this.
  5. Riklet

    Riklet procrastinación

    No surprise theyre all denying it. No idea what to think... how can Bloomberg prove it?

    Apparently it got discovered back in 2015 btw. :hmm:
  6. Crispy

    Crispy The following psytrance is baṉned: All

    Well the journalist seems to have multiple corroborating sources, and there's nothing technically unfeasible about it all. I'd be more surprised if this sort of thing didn't happen.
    tim, Enviro, pogofish and 1 other person like this.
  7. stdP

    stdP I never learn.

    <putting my sysadmin hat on top of my network security analyst beret, beneath both of which sits my regular cynical geek toupée>

    There's plenty about the claims that don't make much in the way of any sense.

    Easier by far to either a) hide backdoors in the BMC* firmware [this is all closed-source stuff so not that difficult to hide well by obfuscation] and/or b) modifying the silicon of the BMC chips themselves [these are sealed in epoxy and thus you'd really need to decap and physically inspect with a microscope to spot any major differences from the original mask].

    If the hack is indeed related to the BMC then the company that makes it, ASPEED, also supplies Tyan, Asus and Gigabyte server/B2B server equipment, many of which also share the same factories. Given that as well as making whitebox servers and motherboards, Supermicro hardware forms the basis for a lot of specialised hardware appliances so any breach of this regard could have potentially huge impact. Normally for a hardhack of this ingenuity, magnitude, supposed commonality and security implications I would have expected to see people falling over themselves to publish hard evidence - X-ray or IR photography of the chip in question, literally picking the motherboard apart if need be, network traces of the CnC traffic, that sort of thing. Until I see some of that I remain sceptical that this isn't some yellow-peril-cum-short-selling concoction.

    Not that I'm saying this sort of hack isn't possible; as Cripsy point out it totally is. But from where I'm sitting there's a number of important details absent from the story as well as other attack vectors that are harder to detect and easier to implement and I worry it's being too sensationalised.

    <mandatory disclaimer - I personally own a number of Supermicro motherboards>

    * BMC = Baseboard Management Controller, an out-of-band management chip typically found on server boards (HP iLO and Dell iDRAC also being examples of BMCs); it essentially provides remote keyboard/video/mouse access as well as other remote management functions, and it commonly runs "always on" in its own discrete chip, usually without auditable source code. Because of its elevated and low-level access it's almost always regarded as a security accident waiting to happen, and thus everywhere I've worked has always kept the BMCs on a locked-down management network with no internet ingress or egress. Of course the BMC usually also has its fingers in the pies of the onboard NICs (typically also not with direct internet access but not as locked down as the management network) so there is a possibility of cross-talk... but again without any hard evidence we could guess at possible attack surfaces all day...
    Last edited: Oct 9, 2018
  8. editor

    editor hiraethified

    "Secret Chineses"?
    Enviro and Crispy like this.
  9. yield

    yield zero

  10. stdP

    stdP I never learn.

    If people are prepared to read a byt-geeks-for-geeks account, Serve The Home have had a couple of good articles on this (like me coming from a sceptical point of view) including an interview with one of the security researchers involved.

    Original post pointing out how many points of the Bloomberg article don't make a huge deal of sense
    Bloomberg Reports China Infiltrated the Supermicro Supply Chain We Investigate

    Interview with Yossi Appleboum
    Yossi Appleboum Disagrees with How Bloomberg is Positioning His Research Against Supermicro

    Forum discussion from lots of people like me
    Bloomberg Reports China Infiltrated the Supermicro Supply Chain We Investigate

    Still sounds like a regular BMC vuln (two a penny TBH) to me rather than a hardhack - one of the people writing in that thread was one of those involved in discovering the so-called "iDRACula" vuln in Dell BMCs, quite by accident - worth a read if you find the anatomy of a BMC interesting, and Supermicro don't have nearly as many firmware crypto checks as Dell do.

    : twiddles thumbs waiting for evidence :
    yield and Crispy like this.
  11. Lepton

    Lepton tiny tiny brain man

    look here and play the markets
  12. stdP

    stdP I never learn.

    Follow up in case anyone's still interested; Supermicro have completed their own investigation and have no chips, nor any other evidence of supply chain tampering. Open letter from the CxO's below along with a link to a video they've posted about their spy chain security;

    CEO - 3rd Party Security Update | Super Micro Computer, Inc.

    The audit was apparently done by a third party and currently remains nameless, I'm wondering if this is to do with pending legal action. Their share price still hasn't recovered since october.
    UnderAnOpenSky and Supine like this.
  13. 8ball

    8ball Can be a bit of a git sometimes

    Make great cheeses.
  14. Lurdan

    Lurdan old wave

    Spike Milligan
  15. 19sixtysix

    19sixtysix Life as viewed from a Gay Gorbals Garret

    Just how much american spy stuff is built into intel chips?
  16. two sheds

    two sheds Least noticed poster 2007

    Tommy Cooper
    tim likes this.
  17. Crispy

    Crispy The following psytrance is baṉned: All

    Aw, this was such a fun story. A shame it turned out to be cobblers.
    Voley likes this.
  18. moochedit

    moochedit Mr Mooched It

    Well im wrapping my pc in tin foil just in case :hmm:
  19. 2hats


    There is speculation that backdoors exist in some FPGAs and ASICs. Then there are the concerns raised recently by ‘C’ and others regarding Huawei/ZTE (valid or politics or a bit of both?). Certainly some apparently have backdoors (but put here by who and for what purpose - the vendor for debugging, but even those could be abused). Possibly TAO and similar exploit these but they most definitely exploit holes in other vendor hardware and software all the time - there’s so many to choose from. For example, there’s a repurposed banking trojan doing the rounds at the moment, causing a lot of damage by exploiting security holes that the puzzle palace discovered, used to keep to themselves to compromise specific targets, but eventually had to tip M$ off about when they realised it had escaped into the wild and was being abused by criminal gangs.
    two sheds likes this.
  20. stdP

    stdP I never learn.

    Loads :) Have fun reading about the Intel Management Engine (IME) - that's an actual bit of silicon with god-rights to most of what's going on in your computer. Part of the reason the last thing you'd do to intel machines is start adding extra chips to motherboards when software attacks on the existing silicon are generally much less visible, and attacks on the IME black box might be functionally undetectable.

    AMD has pretty much the same sort of deal BTW, albeit licensed from ARM (and called TrustZone) rather than developed in-house. It's had less in the way of bad press than IME but it's also received less scrutiny.

    Well, I've been highly sceptical about the story from the start, but I'd be wary of calling it cobblers wholly - it's exactly the sort of thing an evil nation-state might do given access to the hardware supply chain, but I'm reasonably certain there's much easier ways to go about it by exploiting the software side of things. With a trojan chip you can yank out the board and go "look, there's a trojan chip!" but if someone monkeys with the firmware of the NIC to send out CnC messages interposed between regular traffic only on the nights of a full moon, you will have a high-impossible job of spotting it unless you've got some proper IDS running - or just refuse to have your computers talk directly to the internet.

    Sadly there seems to be a new backdoor uncovered monthly. Cisco have had several this year (mostly in software), and of course there's been the barrels'o'fun meltdown and spectre vulns exploiting hardware fundamentals - and those are just the accidental ones. As the proverbial infosec litany goes, as a good guy you have to win every time in order not to get hacked, but the bad guys only have to win once. And most places relying on tech haven't the faintest idea, or even care about adequately securing stuff even on what a tinfoil-loving IT professional like myself would call a reasonable basis.

    A great deal of malware recently has been based on 0day vulns that have been discovered by various nations and kept hidden (instead of telling the vendor so it could be fixed or mitigated) so as to be weaponised more effectively.
    Last edited: Dec 12, 2018
    UnderAnOpenSky likes this.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice