AlphaAtlas
[H]ard|Gawd
- Joined
- Mar 3, 2018
- Messages
- 1,713
According to a report by Bloomberg, the Chinese government has been spying on US tech companies with chips the size of a pencil head. Citing anonymous sources, Bloomberg claims intelligence officials went to the White House with information suggesting "China's military was preparing to insert the chips into Supermicro motherboards bound for U.S. companies" in early 2014. But without any evident targets or confirmed attacks, the White House chose to simply keep an ear on the ground. In 2015, as Amazon was looking to use servers from Elemental, Inc. for GPU accelerated video transcoding, an Amazon investigator detected some security peculiarities. The company sent a server to a third party, which found suspicious chips smaller than a grain of rice embedded on the Supermicro motherboards. These tiny microchips were connected to the baseboard management controller, giving attackers virtually unlimited and stealthy access to the whole system. This sent shocks through the security community, as Elemental's servers were used in CIA drones, Navy warships, and DoD datacenters. But that was just the start. The report claims Apple completely cut ties with Supermicro in 2015 over the issue, and that it "eventually affected almost 30 companies, including a major bank, [and] government contractors." As of now, Supermicro and other tech giants are vehemently denying Bloomberg's allegations. Thanks to Joe Wood for the tip.
One country in particular has an advantage executing this kind of attack: China, which by some estimates makes 75 percent of the world's mobile phones and 90 percent of its PCs. Still, to actually accomplish a seeding attack would mean developing a deep understanding of a product's design, manipulating components at the factory, and ensuring that the doctored devices made it through the global logistics chain to the desired location-a feat akin to throwing a stick in the Yangtze River upstream from Shanghai and ensuring that it washes ashore in Seattle. "Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow," says Joe Grand, a hardware hacker and the founder of Grand Idea Studio Inc. "Hardware is just so far off the radar, it's almost treated like black magic."
One country in particular has an advantage executing this kind of attack: China, which by some estimates makes 75 percent of the world's mobile phones and 90 percent of its PCs. Still, to actually accomplish a seeding attack would mean developing a deep understanding of a product's design, manipulating components at the factory, and ensuring that the doctored devices made it through the global logistics chain to the desired location-a feat akin to throwing a stick in the Yangtze River upstream from Shanghai and ensuring that it washes ashore in Seattle. "Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow," says Joe Grand, a hardware hacker and the founder of Grand Idea Studio Inc. "Hardware is just so far off the radar, it's almost treated like black magic."