Bloomberg Stands by Chinese Chip Story as Apple, Amazon Ratchet Up Denials

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,003
Shortly after Bloomberg published a bombshell story on how China used a tiny chip to infiltrate US companies, Amazon and Apple vehemently denied the claims, stating there were “many inaccuracies” in the report and how there is “no truth” to the story. While some experts say the scenario is plausible, senior Apple executives say they have never seen the chip and never even met with the FBI, who was purportedly involved in the investigation. Now, even Britain’s national cyber security agency is backing the tech giants’ denials.

If the Bloomberg story is true, there are thousands of compromised motherboards out there, and companies will be scouring their data centers for them. People have already identified the specific circuit board featured in the graphic at the top of the Bloomberg article, though it's not clear if this is a real photograph or a Bloomberg-made mockup. If the story is accurate, sooner or later someone will produce a compromised board and do a public teardown.
 

HeadRusch

[H]ard|Gawd
Joined
Jun 8, 2007
Messages
1,263
And if you think this means the USA will spool-up our own electronics manufacturing superfactories here, forget it....we'll just work another deal with another Chinese company to get this shit for free, thanks to their lax laws and borderline slavery working conditions...and keep an eye on that stuff until we get complacent, again. #truth
 

GotNoRice

[H]F Junkie
Joined
Jul 11, 2001
Messages
9,644
Of course those companies are going to deny it, they can't afford to piss off China at any cost. Unfortunately this is how China basically censors the United States in the 21st century - pressure against companies and people who can't afford to not cooperate with China.
 

RogueKitsune

Weaksauce
Joined
Apr 5, 2011
Messages
110
So not to say China's Government and even some companies don't do a lot of shady things, but at this point there is absolutely no evidence of this claim, or at least no evidence people are willing to pony up. So I am not really buying it.

BUT let's assume for a moment that this thing is real...

What are the gains out of this? They get to steal secrets? From what it seems like to me they are doing that just fine with cracking. And the "soft" approach makes it easier to hide intentions, sources, etc.
What are the downsides? If this is ever found almost every country and company will forever ban the use of affected products pretty much forever. Which should in turn ruin the company producing the affected equipment and make any future attempt of this much more difficult.

To me it just doesn't seem worth it.
But this is just what I think... and I have been wrong in the past, and I am sure I will be wrong again in the future
 

serpretetsky

[H]ard|Gawd
Joined
Dec 24, 2008
Messages
1,765
> So not to say China's Government and even some companies don't do a lot of shady things, but at this point there is absolutely no evidence of this claim, or at least no evidence people are willing to pony up. So I am not really buying it.

I mostly agree with you and the rest of your post. It's just strange because it's Bloomberg and they're not the kind of organization that puts trash articles out for clicks. If they are wrong the only way I could see that happening is that they somehow misinterpreted the interviews they conducted and connected events that are unrelated. I suppose it's reasonable to think that may have happened, but it's still pretty strange.
 

gxp500

Gawd
Joined
Mar 4, 2015
Messages
865
Supermicro's stock lost half its value, if all of this is false can't they sue Bloomberg for libel?
 

JosiahBradley

[H]ard|Gawd
Joined
Mar 19, 2006
Messages
1,791
I literally opened up one of our Supermicro servers yesterday and took pictures around the BMC area. Didn't see anything off but that would require me having the original PCB diagrams. This smells of the same hoax another company did to short AMD stocks. Looks like it worked this time though.
 

DrBorg

Gawd
Joined
Jan 22, 2005
Messages
555
> I literally opened up one of our Supermicro servers yesterday and took pictures around the BMC area. Didn't see anything off but that would require me having the original PCB diagrams. This smells of the same hoax another company did to short AMD stocks. Looks like it worked this time though.

You think you can tell the difference between a bus terminator WITH an embedded microprocessor, and one that doesn't?

You obviously have no idea about what either would look like. :)

Take another look at the article in question; ever even seen a bus terminator, or heard of one? (SCSI devices had big ones, if anyone remembers those.)

It's an 0201 sized part, for one thing... and both are active devices.

You or I are Never going to find one of those.

Only certain agencies can, and they have unlimited budgets.

I've reverse engineered a lot of circuitry in my career, but I've never even considered something like this; it would be incredibly easy to do tho.

There's no reason to change the PCB to do this, you just have to get Your chips on that PCB, instead of the real ones.

The Chinese fake parts to order all the time; I spent 6 months once finding out a 200V zener can be replaced with a rectifier diode that just happens to reverse breakdown at about 200V, but it dies quickly, and strangely.

They ground the tops off the floor sweepings parts, molded new tops on, and lasermarked them as zeners. :)

It was a $0.003 part... for a total profit of ~$12
 

sfsuphysics

I don't get it
Joined
Jan 14, 2007
Messages
14,094
So the two richest(?) companies in the US showing they currently kneel to their Chinese overlords in fantastic fashion. No this story wasn't about how Apple products had these chips or Amazon servers had them nope they jump to the defense of the Chinese.
 

Wiffle

Limp Gawd
Joined
Oct 2, 2011
Messages
292
> You think you can tell the difference between a bus terminator WITH an embedded microprocessor, and one that doesn't?
>
> You obviously have no idea about what either would look like. :)
>
> Take another look at the article in question; ever even seen a bus terminator, or heard of one? (SCSI devices had big ones, if anyone remembers those.)
>
> It's an 0201 sized part, for one thing... and both are active devices.
>
> You or I are Never going to find one of those.
>
> Only certain agencies can, and they have unlimited budgets.
>
> I've reverse engineered a lot of circuitry in my career, but I've never even considered something like this; it would be incredibly easy to do tho.
>
> There's no reason to change the PCB to do this, you just have to get Your chips on that PCB, instead of the real ones.
>
> The Chinese fake parts to order all the time; I spent 6 months once finding out a 200V zener can be replaced with a rectifier diode that just happens to reverse breakdown at about 200V, but it dies quickly, and strangely.
>
> They ground the tops off the floor sweepings parts, molded new tops on, and lasermarked them as zeners. :)
>
> It was a $0.003 part... for a total profit of ~$12

It's not necessarily the manufacturer doing either, it's whoever they buy parts from, which likely include counterfeit operations. 12$ isn't much to me or you, but for some that is their bread and butter. It's a side effect of China buying up all the global e-waste for years and years. People are digging through old used electronics and parting them out. They figure out tricks like the one you mentioned and do it on a larger scale... usually cutting them in with good products much like low level drug dealers do. The manufacturers don't care themselves, cause cheaper parts mean more money for them, and they can always pass it off as "electronic failure" and send you a "new" one right quick. They still make money even if they have to replace a bunch, and they can pass the blame onto their parts suppliers... which quickly go out of business only to reappear a month later with a slightly different name.

It would be easy for the China government to "seed" all the tiny parts suppliers with rigged chips. Nobody would know the difference, and there won't be much of a trail pointing back to anyone.
 
Joined
Sep 15, 2017
Messages
167
If anyone wanted to know the source, an investigation should be made into who shorted Supermicro stock. It's likely same crap that they tried to pull with AMD recently, but it seems to have worked this time around.

Fake news, main point is that it excites public's imagination, so inserting China instead of just a general "security flaw" has the desired effect.

News organizations are as trash as they were at the beginning of 20th century.
 

MartinX

One Hour Martinizing While You Wait
Joined
Jan 23, 2003
Messages
7,187
I'm not a motherboard engineer/designer, but I'm super skeptical that you can just put a chip on a board and have it do even simple things that a chip in that position on the board wasn't intended to do.
I mean, I'd maybe get if an actual existing controller was cloned, and extra functionality added, but how many traces can a chip that small be attached to, maybe 3?, and it seems like it'd have to be a pretty major coincidence for whatever traces it is attached to give it enough access to other system components to be powered *and* do anything.

Also these are supposedly intercepted shipments, so we're really buying that hundreds or thousands of boards were unpacked, opened, and someone was manually soldering these tiny chips to the boards without breaking them, and no-one noticed?

Not buying it
 

steakman1971

2[H]4U
Joined
Nov 22, 2005
Messages
2,433
> Supermicro's stock lost half its value, if all of this is false can't they sue Bloomberg for libel?

This is a good point. I could see investors filing suit against Bloomberg if they can't prove it. Curious to see how this shakes out.
 

MartinX

One Hour Martinizing While You Wait
Joined
Jan 23, 2003
Messages
7,187
> This is a good point. I could see investors filing suit against Bloomberg if they can't prove it. Curious to see how this shakes out.

Also if it's a real thing it's probably illegal for publicly traded companies to come out and definitively say it isn't a real thing

Maybe
 

zehoo

Limp Gawd
Joined
Aug 22, 2004
Messages
340
What's next... TSMC putting these backdoors into the silicon of customers' products?
Most of the Taiwanese people I know hate China so it wouldn’t be quite as easy to implement there.
 

Oldmodder

Gawd
Joined
Aug 24, 2018
Messages
706
Of course they deny, if they didn't their stock would tumble, face is safe and bill forwarded to plebs.
 

Formula.350

[H]ard|Gawd
Joined
Sep 30, 2011
Messages
1,107
Here's my problem with it and what makes this a hard sell for me... But I'm on the fence so, if anyone who knows more about hardware engineering and PCB design, or even microcontrollers insofar as being used to tap into a circuit... by all means tell me! (I don't consider this tinfoil-hat, as it's my attempt at disproving it using logic.)

Knowing what I do about motherboards, or just PCB circuits in general, in order for something to have any kind of access as claimed means it would need to be placed in a few key locations; not a problem realistically, for sure not in a Hollywood movie plot. I'm not even going to touch the claim of it being the size of a grain of rice, so let's just assume that it's possible. I mean, we DO have chips that are that size that are on consumer products.
Here's a picture of the bottom area (upside down in pic) of an MSI A88X-G45 board. Here is a macro shot of that green portion. The spot I highlighted in red are for 4-pin chips (possibly BGA given the footprint and silkscreen [what I colored red]), and it's even smaller than the tiniest one populated on the board.

Then comes the fact of it being a "Microcontroller", which tend to have lots of functionality, or at least a few key functions, but as a result it means having multiple external contacts. As I see it you'll specifically need at least 3, but I think 4 solder points: Power, Ground, Data. 4 being Pwr, Gnd, Data+ and Data- (In and Out), but we'll give benefit of the doubt and say 3...

Now we start to get into why ... Finding a spot that it can tap in at will generally be at a Test Point (a small solder dot on the PCB for say voltage reading) or an unused small component spot like a tiny unused surface mounted (aka SMD) capacitor, diode or resistor; not uncommon at all to find this. Problem with that is they are usually either going to be in-line to filter, buffer, change resistance, limit current, ensure power flows one direction, etc; or they're going to be connected to ground, doing any number of similar things. Which means at best you may have the Data line access and ground access, but you lack power. Therein lies the crux because that kinda means running a tiny jump wire to deliver power, but that is really not stealthy, meaning you'd now need to change the PCB design to add a power trace at the point you plan to insert this 'bugging chip'.

That, to me, is a hard sell. It doesn't just mean infiltrating a company and getting yourself on the design team to make the changes, but now you also have to sell the reason you've added it to 'co-workers' that will undoubtedly notice the curiously placed trace that seems to have no function or role. Furthermore, even if it does make it, PCBs go through continual revisions during their product cycle to make improvements and changes to increase performance or fix issues. So now you'll again have engineers scrutinizing the design, or just flat out removing it since they saw no reason for it to be there to begin with...


Am I on to something, or just on something?
 

Reimu

[H]ard|Gawd
Joined
Jul 25, 2009
Messages
1,626
> What's next... TSMC putting these backdoors into the silicon of customers' products?

Not so much TSMC themselves, but anything that has to go through the Pearl river delta. TSMC stuff gets baked over Taiwan, not mainland China proper.
 

MartinX

One Hour Martinizing While You Wait
Joined
Jan 23, 2003
Messages
7,187
> That, to me, is a hard sell. It doesn't just mean infiltrating a company and getting yourself on the design team to make the changes, but now you also have to sell the reason you've added it to 'co-workers' that will undoubtedly notice the curiously placed trace that seems to have no function or role. Furthermore, even if it does make it, PCBs go through continual revisions during their product cycle to make improvements and changes to increase performance or fix issues. So now you'll again have engineers scrutinizing the design, or just flat out removing it since they saw no reason for it to be there to begin with...
>
> Am I on to something, or just on something?

AFAIK the claim is that the tiny evil haxor chips were added at some point *after* the boards left the factory, so no board design elements were ever there to facilitate them.

Basically it's really frigging unlikely this is a thing :p
 

nomu

Gawd
Joined
Jul 30, 2006
Messages
818
> Also these are supposedly intercepted shipments, so we're really buying that hundreds or thousands of boards were unpacked, opened, and someone was manually soldering these tiny chips to the boards without breaking them, and no-one noticed?

No. The NSA intercepts shipments. This is supposedly a different method.

The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People’s Liberation Army.
 

Formula.350

[H]ard|Gawd
Joined
Sep 30, 2011
Messages
1,107
> AFAIK the claim is that the tiny evil haxor chips were added at some point *after* the boards left the factory, so no board design elements were ever there to facilitate them.
>
> Basically it's really frigging unlikely this is a thing :p

Oh, AFTER? Boy, that's some pinpoint accurate targeting if that's what's being claimed lol Granted I'm sure the very large orders are handled directly from Supermicro, but that'd require some heavy infiltration of the company to have the people in place to pull this off. Sure it could be just 2, a person in headquarters which has in turn bugged multiple key systems, and then someone in manufacturing/warehouse/shipping (whichever) who then intercepts the boards before they leave and installs the chip.

But that's not even the accuracy part, since you are banking everything on the board(s) with the chip installed getting installed in a role that is going to yield beneficial data; nevermind getting installed, and not sitting as spares in case of failures.

lmao Can you imagine? There's probably a few dead Chinese spies right now because their government deemed the mission a complete failure since no data was ever received, despite having deployed a hundred-plus of their super-penetration-hardcore-backdoor devices (pretty sure we're still talking about espionage here...) that, little did anyone know, for the past 4 years has been sitting in Amazon's IT department Spare Parts Closet...
Thus the origin of the phrase "We really wanged that one up big time...", as it was Corporal Wang who made the final judgement call to have the devices installed on the final shipment of motherboards, so to not arouse suspicion by any delays in delivery.
 

Reimu

[H]ard|Gawd
Joined
Jul 25, 2009
Messages
1,626
> AFAIK the claim is that the tiny evil haxor chips were added at some point *after* the boards left the factory, so no board design elements were ever there to facilitate them.
>
> Basically it's really frigging unlikely this is a thing :p

I won't rule out that charging cords may be susceptible to something like that though.
 

DrBorg

Gawd
Joined
Jan 22, 2005
Messages
555
> I'm not a motherboard engineer/designer, but I'm super skeptical that you can just put a chip on a board and have it do even simple things that a chip in that position on the board wasn't intended to do.
> ...

> Here's my problem with it and what makes this a hard sell for me... But I'm on the fence so, if anyone who knows more about hardware engineering and PCB design, or even microcontrollers insofar as being used to tap into a circuit... by all means tell me! (I don't consider this tinfoil-hat, as it's my attempt at disproving it using logic.)
>
> ... or just on something?

Memory busses are all serial these days, at >3GB/s.

Look up how a modern memory bus works; it's easier than you think.

Add a microcontroller on the right bus, instead of the terminator, gives you access to that bus; info comes in, YOUR info flows out.

At the assembler level. This is machine code, executing at bus speeds.

It's almost impossible to capture on standard hardware, by normal people, but there are ways. As is the difficulty of doing this, which limits it to "nation state actors".

I've designed chips using these buses, so it can easily be done, it just takes the will to take the risk of exposure.

Like China or Russia fucking cares what we think, lol. They'll never be held accountable.

So, I've started to notice when people register for accounts; I wonder if Kyle has ever looked thru the IP logs, and tracked which comments come from where, and what VPN addresses, to keep obvious manipulation out of here.

Kyle, I'd send you a bottle of Jack Daniels if you'd publish a list of the IP addresses in this thread.

You don't have to attribute them, the addresses are enough. :)

Crap, I'm just going to get Banned again. :facepalm:

For the record, I'm completely against totalitarian garbage; those guys can rot in the hell they've created.

They have to steal tech, because they put all their creative people in prison. :)
 

Formula.350

[H]ard|Gawd
Joined
Sep 30, 2011
Messages
1,107
> Memory busses are all serial these days, at >3GB/s.
>
> Look up how a modern memory bus works; it's easier than you think.
>
> Add a microcontroller on the right bus, instead of the terminator, gives you access to that bus; info comes in, YOUR info flows out.
>
> At the assembler level. This is machine code, executing at bus speeds.
>
> It's almost impossible to capture on standard hardware, by normal people, but there are ways. As is the difficulty of doing this, which limits it to "nation state actors".
>
> I've designed chips using these buses, so it can easily be done, it just takes the will to take the risk of exposure.
>
> Like China or Russia fucking cares what we think, lol. They'll never be held accountable.
>
> So, I've started to notice when people register for accounts; I wonder if Kyle has ever looked thru the IP logs, and tracked which comments come from where, and what VPN addresses, to keep obvious manipulation out of here.
>
> Kyle, I'd send you a bottle of Jack Daniels if you'd publish a list of the IP addresses in this thread.
>
> You don't have to attribute them, the addresses are enough. :)
>
> Crap, I'm just going to get Banned again. :facepalm:
>
> For the record, I'm completely against totalitarian garbage; those guys can rot in the hell they've created.
>
> They have to steal tech, because they put all their creative people in prison. :)

I started writing my reply at 1:30pm EST, took the photos, started editing, and then had to run errands before I got back... I really should've just checked for new posts before submitting mine. Not only would I have seen that MartinX essentially said the same thing I had (in much fewer words lol), but that you already had made a very insightful comment on the matter that probably would've been enough on its own to not bother making my post!

While the other post may not be directed at me at all, I do appreciate the info you've provided in both, thanks! :)
 

DrBorg

Gawd
Joined
Jan 22, 2005
Messages
555
I fell significantly off the wagon today; I'm done posting, but I feel I added to the discussion.

I'm so tired of Russian sockpuppets; I guess they won. :(

.
 

LstOfTheBrunnenG

Supreme [H]ardness
Joined
Jun 3, 2003
Messages
6,670
Devil's advocate: in this day and age of sealed warrants and warrant canaries, can we trust denials from Apple and Amazon, especially if this is an ongoing investigation? Hell, the companies involved might be under pressure for purely diplomatic reasons even if the intel is cold.
 
Joined
Aug 3, 2017
Messages
794
as usual for these sort of companies, they will deny anything that might impact their market value....how many times have we seen this...

until forced to otherwise by an intelligence report..

not like there's any value or reprisal attached to being honest after all. Instead, there's value and profit to not to be
 
Joined
Aug 3, 2017
Messages
794
this report is more akin to Wikileaks than a geo-political war accusation ala Syrian chemical weapons

> AFAIK the claim is that the tiny evil haxor chips were added at some point *after* the boards left the factory, so no board design elements were ever there to facilitate them.
>
> Basically it's really frigging unlikely this is a thing :p

Bloomberg article says in factory of subcon

So when did it become a transit attack?

> If anyone wanted to know the source, an investigation should be made into who shorted Supermicro stock. It's likely same crap that they tried to pull with AMD recently, but it seems to have worked this time around.
>
> Fake news, main point is that it excites public's imagination, so inserting China instead of just a general "security flaw" has the desired effect.
>
> News organizations are as trash as they were at the beginning of 20th century.

not with so many sources. If Bloomberg mentions one informant, then ok but Bloomberg is not one to say they have a dozen and completely lie on that part

some journalists with integrity still exist, ok. (mostly in long form articles). Just look at the award lists for journalists annually. Old papers and institutions still win regularly.

If you want to doubt journalism standards, then Chinese media would be the 1st to doubt. It's literally gov controlled, and being the sort of gov that censors news heavily....

Bloomberg should either be destroyed or raised to godlike status when all this settles. No middle ground.
Bloomberg in long form is good.
generally all long form articles are good. even BBC...shudders..

> So not to say China's Government and even some companies don't do a lot of shady things, but at this point there is absolutely no evidence of this claim, or at least no evidence people are willing to pony up. So I am not really buying it.
>
> BUT let's assume for a moment that this thing is real...
>
> What are the gains out of this? They get to steal secrets? From what it seems like to me they are doing that just fine with cracking. And the "soft" approach makes it easier to hide intentions, sources, etc.
> What are the downsides? If this is ever found almost every country and company will forever ban the use of affected products pretty much forever. Which should in turn ruin the company producing the affected equipment and make any future attempt of this much more difficult.
>
> To me it just doesn't seem worth it.
> But this is just what I think... and I have been wrong in the past, and I am sure I will be wrong again in the future

Refer China-2025 macro economic plan to displace all manufacturing outside of China. End goal is that everyone becomes so reliant on China, they become the de facto industrial and design powerhouse. To get there, is by all means necessary.

> Memory busses are all serial these days, at >3GB/s.
>
> Look up how a modern memory bus works; it's easier than you think.
>
> Add a microcontroller on the right bus, instead of the terminator, gives you access to that bus; info comes in, YOUR info flows out.
>
> At the assembler level. This is machine code, executing at bus speeds.
>
> It's almost impossible to capture on standard hardware, by normal people, but there are ways. As is the difficulty of doing this, which limits it to "nation state actors".
>
> I've designed chips using these buses, so it can easily be done, it just takes the will to take the risk of exposure.
>
> Like China or Russia fucking cares what we think, lol. They'll never be held accountable.
>
> So, I've started to notice when people register for accounts; I wonder if Kyle has ever looked thru the IP logs, and tracked which comments come from where, and what VPN addresses, to keep obvious manipulation out of here.
>
> Kyle, I'd send you a bottle of Jack Daniels if you'd publish a list of the IP addresses in this thread.
>
> You don't have to attribute them, the addresses are enough. :)
>
> Crap, I'm just going to get Banned again. :facepalm:
>
> For the record, I'm completely against totalitarian garbage; those guys can rot in the hell they've created.
>
> They have to steal tech, because they put all their creative people in prison. :)

I still remember all the hardware hacks that hijacked encryption keys, etc and the such (root point being requiring physical access).

So I have no idea why some people think something like this is not desired, or not feasible.

having this sort of access is like a skeleton key. Who the hell does not want this.....
 

N4CR

Supreme [H]ardness
Joined
Oct 17, 2011
Messages
4,688
> What's next... TSMC putting these backdoors into the silicon of customers' products?

If you think that doesn't already happen across the spectrum, I have news for you.

https://motherboard.vice.com/en_us/...-drive-hack-was-first-demonstrated-a-year-ago

That's why this jumping around about China doing the same thing as everyone else is hilarious. I'd be much, much more worried about Israel. You know, that country that attacked the U.S.S Liberty in a documented and proven false flag in order to try start a US war with Egypt. Same country that has been at war with Syria for 30+ years....
 