Bloomberg Stands by Chinese Chip Story as Apple, Amazon Ratchet Up Denials

Discussion in 'HardForum Tech News' started by Megalith, Oct 6, 2018.

  1. Megalith

    Megalith 24-bit/48kHz Staff Member

    Shortly after Bloomberg published a bombshell story on how China used a tiny chip to infiltrate US companies, Amazon and Apple vehemently denied the claims, stating there were “many inaccuracies” in the report and how there is “no truth” to the story. While some experts say the scenario is plausible, senior Apple executives say they have never seen the chip and never even met with the FBI, who was purportedly involved in the investigation. Now, even Britain’s national cyber security agency is backing the tech giants’ denials.

    If the Bloomberg story is true, there are thousands of compromised motherboards out there, and companies will be scouring their data centers for them. People have already identified the specific circuit board featured in the graphic at the top of the Bloomberg article, though it's not clear if this is a real photograph or a Bloomberg-made mockup. If the story is accurate, sooner or later someone will produce a compromised board and do a public teardown.
     
    GDI Lord likes this.
  2. HeadRusch

    HeadRusch [H]ard|Gawd

    And if you think this means the USA will spool-up our own electronics manufacturing superfactories here, forget it....we'll just work another deal with another Chinese company to get this shit for free, thanks to their lax laws and borderline slavery working conditions...and keep an eye on that stuff until we get complacent, again. #truth
     
    N4CR, Unit44, theBrownLlama and 5 others like this.
  3. GotNoRice

    GotNoRice [H]ardForum Junkie

    Of course those companies are going to deny it, they can't afford to piss off China at any cost. Unfortunately this is how China basically censors the United States in the 21st century - pressure against companies and people who can't afford to not cooperate with China.
     
  4. gxp500

    gxp500 Gawd

    What's next... TSMC putting these backdoors into the silicon of customers' products?
     
    MrGuvernment and SpeedyVV like this.
  5. Meeho

    Meeho [H]ardness Supreme

    Bloomberg should either be destroyed or raised to godlike status when all this settles. No middle ground.
     
    Dahkoht, /dev/null, DooLocsta and 2 others like this.
  6. RogueKitsune

    RogueKitsune [H]Lite

    So not to say China's Government and even some companies don't do a lot of shady things, but at this point there is absolutely no evidence of this claim, or at least no evidence people are willing to pony up. So I am not really buying it.

    BUT let's assume for a moment that this thing is real...

    What are the gains out of this? They get to steal secrets? From what it seems like to me they are doing that just fine with cracking. And the "soft" approach makes it easier to hide intentions, sources, etc.
    What are the downsides? If this is ever found almost every country and company will forever ban the use of affected products pretty much forever. Which should in turn ruin the company producing the affected equipment and make any future attempt of this much more difficult.

    To me it just doesn't seem worth it.
    But this is just what I think... and I have been wrong in the past, and I am sure I will be wrong again in the future
     
  7. serpretetsky

    serpretetsky [H]ard|Gawd

    I mostly agree with you and the rest of your post. It's just strange because it's Bloomberg and they're not the kind of organization that puts trash articles out for clicks. If they are wrong the only way I could see that happening is that they somehow misinterpreted the interviews they conducted and connected events that are unrelated. I suppose it's reasonable to think that may have happened, but it's still pretty strange.
     
  8. gxp500

    gxp500 Gawd

    Supermicro's stock lost half its value, if all of this is false can't they sue Bloomberg for libel?
     
  9. kirbyrj

    kirbyrj [H]ard as it Gets

    Sort of like Intel with the ME flaws?
     
  10. kirbyrj

    kirbyrj [H]ard as it Gets

    You would think that this wouldn't be that hard to prove or disprove.
     
    Poseur and John721 like this.
  11. JosiahBradley

    JosiahBradley [H]ard|Gawd

    I literally opened up one of our Supermicro servers yesterday and took pictures around the BMC area. Didn't see anything off but that would require me having the original PCB diagrams. This smells of the same hoax another company did to short AMD stocks. Looks like it worked this time though.
     
  12. gxp500

    gxp500 Gawd

    I was thinking more along the lines of TSMC putting a backdoor into Qualcomm's SoC or AMD's CPUs right into the silicon, that would be nuts.
     
  13. DrBorg

    DrBorg Gawd

    You think you can tell the difference between a bus terminator WITH an embedded microprocessor, and one that doesn't?

    You obviously have no idea about what either would look like. :)

    Take another look at the article in question; ever even seen a bus terminator, or heard of one? (SCSI devices had big ones, if anyone remembers those.)

    It's an 0201-sized part, for one thing... and both are active devices.

    You or I are Never going to find one of those.

    Only certain agencies can, and they have unlimited budgets.

    I've reverse engineered a lot of circuitry in my career, but I've never even considered something like this; it would be incredibly easy to do tho.

    There's no reason to change the PCB to do this, you just have to get Your chips on that PCB, instead of the real ones.

    The Chinese fake parts to order all the time; I spent 6 months once finding out a 200V zener can be replaced with a rectifier diode that just happens to reverse breakdown at about 200V, but it dies quickly, and strangely.

    They ground the tops off the floor sweepings parts, molded new tops on, and lasermarked them as zeners. :)

    It was a $0.003 part... for a total profit of ~$12
     
  14. RealBeast

    RealBeast Gawd

    Silly you, it's a feature. ;)
     
    kirbyrj likes this.
  15. sfsuphysics

    sfsuphysics I don't get it

    So the two richest(?) companies in the US showing they currently kneel to their Chinese overlords in fantastic fashion. No, this story wasn't about how Apple products had these chips or Amazon servers had them; nope, they jump to the defense of the Chinese.
     
    theBrownLlama likes this.
  16. Wiffle

    Wiffle Limp Gawd

    It's not necessarily the manufacturer doing either, it's whoever they buy parts from, which likely include counterfeit operations. $12 isn't much to me or you, but for some that is their bread and butter. It's a side effect of China buying up all the global e-waste for years and years. People are digging through old used electronics and parting them out. They figure out tricks like the one you mentioned and do it on a larger scale... usually cutting them in with good products much like low level drug dealers do. The manufacturers don't care themselves, 'cause cheaper parts mean more money for them, and they can always pass it off as "electronic failure" and send you a "new" one right quick. They still make money even if they have to replace a bunch, and they can pass the blame onto their parts suppliers... which quickly go out of business only to reappear a month later with a slightly different name.

    It would be easy for the China government to "seed" all the tiny parts suppliers with rigged chips. Nobody would know the difference, and there won't be much of a trail pointing back to anyone.
     
  17. Twisted Kidney

    Twisted Kidney 2[H]4U

  18. OnceSetThisCannotChange

    OnceSetThisCannotChange Limp Gawd

    If anyone wanted to know the source, an investigation should be made into who shorted Supermicro stock. It's likely the same crap that they tried to pull with AMD recently, but it seems to have worked this time around.

    Fake news, main point is that it excites public's imagination, so inserting China instead of just a general "security flaw" has the desired effect.

    News organizations are as trash as they were at the beginning of 20th century.
     
  19. MartinX

    MartinX One Hour Martinizing While You Wait

    I'm not a motherboard engineer/designer, but I'm super skeptical that you can just put a chip on a board and have it do even simple things that a chip in that position on the board wasn't intended to do.
    I mean, I'd maybe get if an actual existing controller was cloned, and extra functionality added, but how many traces can a chip that small be attached to, maybe 3?, and it seems like it'd have to be a pretty major coincidence for whatever traces it is attached to give it enough access to other system components to be powered *and* do anything.

    Also these are supposedly intercepted shipments, so we're really buying that hundreds or thousands of boards were unpacked, opened, and someone was manually soldering these tiny chips to the boards without breaking them, and no-one noticed?

    Not buying it
     
    Meeho likes this.
  20. steakman1971

    steakman1971 2[H]4U

    This is a good point. I could see investors filing suit against Bloomberg if they can't prove it. Curious to see how this shakes out.
     
  21. MartinX

    MartinX One Hour Martinizing While You Wait

    Also if it's a real thing it's probably illegal for publicly traded companies to come out and definitively say it isn't a real thing

    Maybe
     
    trandoanhung1991 and Meeho like this.
  22. serious

    serious Limp Gawd

    Happy April fools in October and Bloomberg walks free. See CTS Labs for more details.
     
  23. zehoo

    zehoo Limp Gawd

    Most of the Taiwanese people I know hate China so it wouldn’t be quite as easy to implement there.
     
  24. Oldmodder

    Oldmodder Gawd

    Of course they deny, if they didn't their stock would tumble, face is safe and bill forwarded to plebs.
     
  25. Formula.350

    Formula.350 [H]ard|Gawd

    Here's my problem with it and what makes this a hard sell for me... But I'm on the fence so, if anyone who knows more about hardware engineering and PCB design, or even microcontrollers insofar as being used to tap into a circuit... by all means tell me! (I don't consider this tinfoil-hat, as it's my attempt at disproving it using logic.)

    Knowing what I do about motherboards, or just PCB circuits in general, in order for something to have any kind of access as claimed means it would need to be placed in a few key locations; not a problem realistically, for sure not in a Hollywood movie plot. I'm not even going to touch the claim of it being the size of a grain of rice, so let's just assume that it's possible. I mean, we DO have chips that are that size that are on consumer products.
    Here's a picture of the bottom area (upside down in pic) of an MSI A88X-G45 board. Here is a macro shot of that green portion. The spot I highlighted in red are for 4-pin chips (possibly BGA given the footprint and silkscreen [what I colored red]), and it's even smaller than the tiniest one populated on the board.

    Then comes the fact of it being a "Microcontroller", which tend to have lots of functionality, or at least a few key functions, but as a result it means having multiple external contacts. As I see it you'll specifically need at least 3, but I think 4 solder points: Power, Ground, Data. 4 being Pwr, Gnd, Data+ and Data- (In and Out), but we'll give benefit of the doubt and say 3...

    Now we start to get into why ... Finding a spot that it can tap in at will generally be at a Test Point (a small solder dot on the PCB for say voltage reading) or an unused small component spot like a tiny unused surface mounted (aka SMD) capacitor, diode or resistor; not uncommon at all to find this. Problem with that is they are usually either going to be in-line to filter, buffer, change resistance, limit current, ensure power flows one direction, etc; or they're going to be connected to ground, doing any number of similar things. Which means at best you may have the Data line access and ground access, but you lack power. Therein lies the crux because that kinda means running a tiny jump wire to deliver power, but that is really not stealthy, meaning you'd now need to change the PCB design to add a power trace at the point you plan to insert this 'bugging chip'.

    That, to me, is a hard sell. It doesn't just mean infiltrating a company and getting yourself on the design team to make the changes, but now you also have to sell the reason you've added it to 'co-workers' that will undoubtedly notice the curiously placed trace that seems to have no function or role. Furthermore, even if it does make it, PCBs go through continual revisions during their product cycle to make improvements and changes to increase performance or fix issues. So now you'll again have engineers scrutinizing the design, or just flat out removing it since they saw no reason for it to be there to begin with...


    Am I on to something, or just on something?
     
  26. Reimu

    Reimu [H]ard|Gawd

    Not so much TSMC themselves, but anything that has to go through the Pearl river delta. TSMC stuff gets baked over Taiwan, not mainland China proper.
     
  27. Meeho

    Meeho [H]ardness Supreme

    That was a clusterfuck. They've walked away free?
     
  28. MartinX

    MartinX One Hour Martinizing While You Wait

    AFAIK the claim is that the tiny evil haxor chips were added at some point *after* the boards left the factory, so no board design elements were ever there to facilitate them.

    Basically it's really frigging unlikely this is a thing :p
     
  29. nomu

    nomu Gawd

    No. The NSA intercepts shipments. This is supposedly a different method.

     
  30. Formula.350

    Formula.350 [H]ard|Gawd

    Oh, AFTER? Boy, that's some pinpoint accurate targeting if that's what's being claimed lol. Granted, I'm sure the very large orders are handled directly from Supermicro, but that'd require some heavy infiltration of the company to have the people in place to pull this off. Sure it could be just 2, a person in headquarters which has in turn bugged multiple key systems, and then someone in manufacturing/warehouse/shipping (whichever) who then intercepts the boards before they leave and installs the chip.

    But that's not even the accuracy part, since you are banking everything on the board(s) with the chip installed getting installed in a role that is going to yield beneficial data; nevermind getting installed, and not sitting as spares in case of failures.

    lmao Can you imagine? There's probably a few dead Chinese spies right now because their government deemed the mission a complete failure since no data was ever received, despite having deployed a hundred-plus of their super-penetration-hardcore-backdoor devices (pretty sure we're still talking about espionage here...) that, little did anyone know, for the past 4 years has been sitting in Amazon's IT department Spare Parts Closet...
    Thus the origin of the phrase "We really wanged that one up big time...", as it was Corporal Wang who made the final judgement call to have the devices installed on the final shipment of motherboards, so to not arouse suspicion by any delays in delivery.
     
  31. Reimu

    Reimu [H]ard|Gawd

    I won't rule out that charging cords may be susceptible to something like that though.
     
  32. DrBorg

    DrBorg Gawd

    Memory busses are all serial these days, at >3GB/s.

    Look up how a modern memory bus works; it's easier than you think.

    Add a microcontroller on the right bus, instead of the terminator, gives you access to that bus; info comes in, YOUR info flows out.

    At the assembler level. This is machine code, executing at bus speeds.

    It's almost impossible to capture on standard hardware, by normal people, but there are ways. As is the difficulty of doing this, which limits it to "nation state actors".

    I've designed chips using these buses, so it can easily be done, it just takes the will to take the risk of exposure.

    Like China or Russia fucking cares what we think, lol. They'll never be held accountable.

    So, I've started to notice when people register for accounts; I wonder if Kyle has ever looked thru the IP logs, and tracked which comments come from where, and what VPN addresses, to keep obvious manipulation out of here.

    Kyle, I'd send you a bottle of Jack Daniels if you'd publish a list of the IP addresses in this thread.

    You don't have to attribute them, the addresses are enough. :)

    Crap, I'm just going to get Banned again. :facepalm:

    For the record, I'm completely against totalitarian garbage; those guys can rot in the hell they've created.

    They have to steal tech, because they put all their creative people in prison. :)
     
    trandoanhung1991 and Formula.350 like this.
  33. Formula.350

    Formula.350 [H]ard|Gawd

    I started writing my reply at 1:30pm EST, took the photos, started editing, and then had to run errands before I got back... I really should've just checked for new posts before submitting mine. Not only would I have seen that MartinX essentially said the same thing I had (in much fewer words lol), but that you already had made a very insightful comment on the matter that probably would've been enough on its own to not bother making my post!

    While the other post may not be directed at me at all, I do appreciate the info you've provided in both, thanks! :)
     
    DrBorg likes this.
  34. DrBorg

    DrBorg Gawd

    I fell significantly off the wagon today; I'm done posting, but I feel I added to the discussion.

    I'm so tired of Russian sockpuppets; I guess they won. :(

    .
     
  35. LstOfTheBrunnenG

    LstOfTheBrunnenG [H]ardness Supreme

    Devil's advocate: in this day and age of sealed warrants and warrant canaries, can we trust denials from Apple and Amazon, especially if this is an ongoing investigation? Hell, the companies involved might be under pressure for purely diplomatic reasons even if the intel is cold.
     
    theBrownLlama likes this.
  36. theBrownLlama

    theBrownLlama Gawd

    As usual for these sorts of companies, they will deny anything that might impact their market value.... How many times have we seen this...

    until forced to otherwise by an intelligence report..

    Not like there's any value or reprisal attached to being honest after all. Instead, there's value and profit to not to be
     
  37. theBrownLlama

    theBrownLlama Gawd

    this report is more akin to Wikileaks than a geo-political war accusation ala Syrian chemical weapons

    Bloomberg article says in factory of subcon

    So when did it become a transit attack?

    not with so many sources. If Bloomberg mention one informant, then ok but Bloomberg is not one to say they have a dozen and completely lie on that part

    Some journalists with integrity still exist, ok. (Mostly in long form articles.) Just look at the award lists for journalists annually. Old papers and institutions still win regularly.

    If you want to doubt journalism standards, then Chinese media would be the 1st to doubt. It's literally gov controlled, and being the sort of gov that censors news heavily....

    Bloomberg in long form is good.
    generally all long form articles are good. even BBC...shudders..

    Refer China-2025 macro economic plan to displace all manufacturing outside of China. End goal is that everyone becomes so reliant on China, they become the de facto industrial and design powerhouse. To get there, is by all means necessary.

    I still remember all the hardware hacks that hijacked encryption keys, etc. and the such (root point being requiring physical access).

    So I have no idea why some people think something like this is not desired, or not feasible.

    having this sort of access is like a skeleton key. Who the hell does not want this.....
     
  38. N4CR

    N4CR 2[H]4U

    Of course there are no backdoors, sheeple! Go back to work! Don't worry! Don't look! Don't investigate.

    God damn glowing traitors as usual don't want their pervy backdoor security holes audited.
     
  39. N4CR

    N4CR 2[H]4U

    If you think that doesn't already happen across the spectrum, I have news for you.

    https://motherboard.vice.com/en_us/...-drive-hack-was-first-demonstrated-a-year-ago

    That's why this jumping around about China doing the same thing as everyone else is hilarious. I'd be much, much more worried about Israel. You know, that country that attacked the U.S.S. Liberty in a documented and proven false flag in order to try to start a US war with Egypt. Same country that has been at war with Syria for 30+ years....
     
  40. Trimlock

    Trimlock [H]ardForum Junkie

    Waiting a bit longer and going to buy in.