Friday, October 5, 2018

The Big Hack

Bloomberg reports that Chinese spies managed to insert tiny microchips into motherboards used by servers around the world, including by Amazon, Apple, and the US Military, that allow them to manipulate those systems however they want:
The chips on Elemental servers were designed to be as inconspicuous as possible, according to one person who saw a detailed report prepared for Amazon by its third-party security contractor, as well as a second person who saw digital photos and X-ray images of the chips incorporated into a later report prepared by Amazon’s security team. Gray or off-white in color, they looked more like signal conditioning couplers, another common motherboard component, than microchips, and so they were unlikely to be detectable without specialized equipment. Depending on the board model, the chips varied slightly in size, suggesting that the attackers had supplied different factories with different batches.

Officials familiar with the investigation say the primary role of implants such as these is to open doors that other attackers can go through. “Hardware attacks are about access,” as one former senior official puts it. In simplified terms, the implants on Supermicro hardware manipulated the core operating instructions that tell the server what to do as data move across a motherboard, two people familiar with the chips’ operation say. This happened at a crucial moment, as small bits of the operating system were being stored in the board’s temporary memory en route to the server’s central processor, the CPU. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. Deviously small changes could create disastrous effects.
If this is true – so far as I can tell, none of it has been publicly acknowledged – what an astonishing story.

3 comments:

G. Verloren said...

The question is, if it's true, what does that mean for China's relations with the rest of the world?

Do people continue to buy Chinese electronics if they know there is a very real risk of compromising their security doing so? Do people start buying from competitors in other countries like Taiwan, Malaysia, et cetera?

Shadow said...

So much for online banking.

"Do people start buying from competitors in other countries like Taiwan, Malaysia, et cetera?"

And where do they get the components from?

We need a Star Trek Tricorder for electronics -- a genealogy on components.

Anonymous said...

It looks as real fake News..... And people start wondering “of its true....” Someone did a good job. N13