Posted on 10/17/2019 2:37:01 PM PDT by Zhang Fei
Almost a year to the day after Bloomberg reported that the US government, Apple, Amazon, and others had their servers compromised by China, a security researcher has shown a similar hack can be pulled off with $190 worth of tools and a $2 chip.
Citing six senior national security officials and several higher-ups within Apple and Amazon, Bloomberg claimed that the manufacturing facilities constructing Supermicro motherboards had been infiltrated by a branch of China’s People’s Liberation Army. The PLA was reportedly adding a rice grain-sized chip capable of monitoring and altering communications with the motherboard’s BMC (baseboard management controller). The compromised motherboards had allegedly been sold in the tens of thousands to US customers, who could all, theoretically, be leaking their data to China.
Supermicro, Apple and Amazon all denied claims that they’d discovered the chips vehemently, the NSA said the threat was a false alarm, and the debate ended there. Last December, however, the hack was proven possible by Trammell Hudson, who’d found a spot on the Supermicro motherboard where a tiny chip could replace a small resistor and remain unnoticed. He connected a proof-of-concept chip only slightly larger than the resistor through external wires and completed the hack, concluding that anyone with a fab would be able to do a better job and remain undetected.
Monta Elkins, who’s the “hacker-in-chief” for security firm Foxguard, can do it without the budget. Elkins, who’ll be formally presenting his work at the CS3sthlm security conference this month, was able to gain control over a Cisco ASA 5505 firewall server with a chip lifted from a $2 Digispark Arduino board. He assembled his hack using a $150 hot-air soldering tool and a $40 microscope.
"We think this stuff is so magical, but it’s not really that hard," Elkins told Wired.
(Excerpt) Read more at techspot.com ...
But that’s what we’re talking about here. The Chinese spies have no way of knowing if any one particular server is going to wind up in a sensitive, important location that could yield data ore for mining, so they’d have to insert their exploit in large numbers so they’re guaranteed a hit. Stuff such as you’re mentioning is of no consequence for their purpose. They want to hit the server that winds up in a critical gateway location. . . to do that, getting compromised chips into as many as possible increases the odds a compromised one winds up where they need it. The more the merrier.
If they know which one it is, they could do a Mission Impossible targeted install like described in this article, after all the QAs, but that’s unlikely. General, servers are generic, interchangeable devices, so how do you pick the right one going to the desired location to specifically compromise? You don’t, not at manufacture or assembly. It’s simply not economical to do and very likely to be found.
One of my original points for the original Bloomberg hoax article . . . especially true for multiple layer boards where you can’t just drill holes and plonk your IC Willy-nilly any old place there might be space to fit it. . . which is what it appears they did on this board from seven years ago.
He did say he used a microscope. . . LOL!
Of course, I was seeing preproduction boards.
When I disassembled production models that had junction connections, I knew that the product would have client issues.
This ain't the 80’s anymore with two and four layer boards, that even I could hack and bypass some limitation.
I would think within the chip sets, it wouldn’t be that difficult in place sleeper embedded systems, never used till activated, and nobody would be the wiser.
“wire in an additional PCB”
That is not what the article says. It says a surface mount resistor can be replaced with a chip about the same size. Jumper wires are used to wire up the chip, so it would be an obvious hack of the board. But they are not attaching an additional PCB.
Exactly, it takes a computer to design the circuit pathway on these multilayer boards and adding a single component can force changes in the positions of other components.
I recall the instructions for some of the add-on boards that were sold back in the ‘80s: "After being certain you have grounded yourself to the chassis, if you have a Revision A computer board, clip wire B to Leg 4 of the IC chip in the lower left corner of your circuit board as shown in fig. 1; otherwise, if you have a Revision B computer board, clip wire B to Leg 5 of the IC chip next to the second blue capacitor in the middle of the circuit board as shown in fig. 2. If you have a Revision C or later computer board, or there is a wire soldered to either of those legs on either of these ICs, wire B is not required and should be secured so as to not touch anything on the circuit board."
Of course the instructions seldom told you how to determine whether your computer’s board was revision A, B, C or later, and you spent a good deal of time looking around to find the often hand-inked indicator of which it was. Ah, the good old days of the golden age of home computing.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.