Posted on 10/05/2018 11:54:39 AM PDT by Zhang Fei
Chinese operatives allegedly poisoned the technical supply chain of major US companies, including Apple and Amazon by planting a microchip on their servers manufactured abroad, according to a Bloomberg report today. The story claims that one chip, which was assembled for a company called Elemental by a separate company called Super Micro Computer, would allow attackers to covertly modify these servers, bypass software security checks, and, essentially, give the Chinese government a complete backdoor into these companies’ networks.
Affected companies are vigorously disputing the report, claiming they never discovered any malicious hardware or reported similar issues to the FBI. Even taking the Bloomberg report at its word, there are significant unanswered questions about how widely the chip was distributed and how the backdoor access was used.
But the mere idea of a malicious chip implant has already sent shock waves through the security world, which has traditionally focused on software attacks. Nicholas Weaver, a professor at Berkeley’s International Computer Science Institute described an alarming attack. “My initial reaction was ‘HOLY FUCKING SHIT’ [sic],” Weaver told The Verge. “This is a ‘god mode’ exploit in the system management subsystem.”
Security experts have warned for years that the hardware supply chain is at risk, especially considering that China has a monopoly on parts and manufacturing. Up until now, though, we haven’t seen a widespread attack on US companies, as Bloomberg claims to have found. There’s no real way to prevent a hardware attack like this, sources tell The Verge, unless the tech industry wants to drastically rethink how it gets its components and brings products to market.
Katie Moussouris, founder and CEO of Luta Security, says an attacker could use this kind of malicious implant to bypass all software protections, a doomsday scenario for defenders. “If you manage to put something in
(Excerpt) Read more at theverge.com ...
The original Bloomberg story said that Amazon actually was the first to discover this and report it to the FBI.
IT security profesionals are calling these devices “Feinstein” chips, or simply Feinsteins.
That it hasn’t been discovered by most companies IS THE WHOLE POINT!!!!
Is this what is screwing up the NASDAQ?
Heck, I know how to get God Mode on any Winsows machine. It’s easy. A bunch of other hacks are easy. Anyone here know what F3GUM is? Still works a lot of places. But I’m a good guy - don’t hack - try to help others defend against hacks.
Gives them a great ability to blackmail leaders in Western countries.
On a serious note, backdoored hardware has been a topic of discussion for years. In fact I’m surprised it took this long to (tentitively) find one.
Windows*
To: conservatism_IS_compassionI’m more worried about someone inserting unwanted logic inside a chip. Seems like in principle that could be hard to detect via testing.
True, hard to detect. Before I retired, I worked as an IT senior systems engineer. Several decades ago, I wrote custom machine code for IBM mainframes I maintained at my job that controlled the flow of thousands of programs that ran. I secretly embedded code that gave my programs top priority over everything else running. Many years after I left that department, my code was still running and no one detected it (despite a dozen other engineers working on the systems code). And no one would unless specifically testing with the trigger code I used to enable it. Lots of programmers did this sort of stuff for fun, because they could - nothing malicious.
It's different now, with governments doing it for malicious reasons.
19 posted on 10/4/2018, 1:03:56 PM by roadcat
Here’s the deal: it’s a horrendous, sinister deed; but catching on to it and learning the particulars pretty much guarantees that countermeasures will be discovered and made available.
[On a serious note, backdoored hardware has been a topic of discussion for years. In fact I’m surprised it took this long to (tentitively) find one.]
diane feinstein’s driver is unaware of any plobrems
Anyone see a good technical articulate on this yet? Almost all the reports don’t say much.
Looks like one of the better overview, but the embedded links may provide the meat that you want.
If you can handle all of the “he said, she said, no I didn't” bloviating.
So in other words we can rest easy knowing our tech companies won’t lie to us and the Chinese are very ethical.
“Which means it is either a creature of the government, as in owned lock, stock and barrel...”
That’s why I never buy anything from Lenovo!
the meaning of this and a presidential report out today and the shriveling of the US manufacturing base caused in part by predatory chinese practices means in effect that the whole US supply chain that starts in China has to re shored to the USA.
[Altering circuit boards with little outboard SMT modules is the cartoon stock-photo version, whereas a deep hardware backdoor might involve a few trace alterations on chip lithography masters. This would be potentially extremely hard to detect, and involves polishing a suspect chip down to the silicon circuitry for further analysis to find evidence of tampering.]
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.