China Embedded Spy Chips On Supermicro Motherboards

Discussion in 'HardForum Tech News' started by AlphaAtlas, Oct 4, 2018.

  1. Monkey God

    Monkey God Mangina Full of Sand

    Messages:
    6,722
    Joined:
    May 7, 2007
    Who wants to play catch the falling knife?
     
    Fleat and Frobozz like this.
  2. Dead Parrot

    Dead Parrot 2[H]4U

    Messages:
    2,460
    Joined:
    Mar 4, 2013
    Looks like primarily limited to Elemental server line. Makes sense. PRC probably doesn't care about the average American's Porn collection but does want to learn how to build their own iProducts and how Amazon's AWS works. If you have the real blueprints for the iPhone, sure makes it easier to add such a chip to the China made parts before they are shipped to the US and knowing the internals of AWS makes infiltration that much easier.
     
    Schtask likes this.
  3. Meeho

    Meeho [H]ardness Supreme

    Messages:
    4,366
    Joined:
    Aug 16, 2010
    Do they have such detailed knowledge in the factory on which boards end up where? Or is there a custom SM design for Elemental specifically?
     
    Schtask likes this.
  4. harddud

    harddud Limp Gawd

    Messages:
    227
    Joined:
    Jul 29, 2005

    -57.1% 30 minutes later ...
     
  5. katanaD

    katanaD [H]ard|Gawd

    Messages:
    1,987
    Joined:
    Nov 15, 2016

    from the article, which is LONG.. it appears that the 3 main factories producing the boards were not making ones with the chips, it was 4 smaller sub contractors used to fulfill overflow needs that were infiltrated and had chips inserted onto those.
     
  6. TroubleMagnet

    TroubleMagnet Gawd

    Messages:
    534
    Joined:
    Oct 19, 2005
    This isn't the first security issue from SuperMicro. They've been banned from datacenter deployment where I work for a while now. Pretty good chance this chip could basically replace the BIOS, BMC or other firmware stored on the MB with their own version, likely selectively to avoid detection.

    "The issue's not whether you're paranoid, Lenny, I mean look at this shit, the issue is whether you're paranoid enough." --Max from Strange Days
     
  7. zehoo

    zehoo Limp Gawd

    Messages:
    252
    Joined:
    Aug 22, 2004
    Other countries love to spy on other countries and this was very much to be expected. One of the leading arguments in my opinion on why you don't have potential trade enemies manufacturing things like this for your home market.
     
    Madoc and Laowai like this.
  8. Laowai

    Laowai Gawd

    Messages:
    533
    Joined:
    Aug 9, 2018
    Friendly countries will spy on each other as well. Some things are much better off being made at home.
     
    jeffj7, Snowdensjacket and zehoo like this.
  9. EchtoGammut

    EchtoGammut 2[H]4U

    Messages:
    2,364
    Joined:
    May 7, 2007
    I'm doubting the Bloomberg reporting. There is so much of this that doesn't pass the basic logic test. First off you have to assume that Supermicro (an American company) made a deal with the Chinese to install these chips on custom PCB boards, spec'd by the customer, so they knew they would eventually get detected. It would have to have been done at a high level, because anyone who has had anything to do with PCB fabrication, knows you have trace layouts, testing pads, xray and lithography sheets, pick and place setups, etcetera that would all have to be updated to accommodate for this chip... (not to mention these proprietary board layouts would have to be given to whoever developed this chip, so they could integrate it). All this work and you know it would be detected because Amazon, Apple, etcetera will be pulling a certain number of boards and comparing them against the specs they sent to Supermicro. The changes in the traces and introduction of one extra chip isn't going to go unnoticed. Sorry, it sounds plausible if you have no idea what goes into PCB manufacturing, but as someone who has seen all aspects of it, it's just not likely.
     
  10. [21CW]killerofall

    [21CW]killerofall Aliens...

    Messages:
    2,959
    Joined:
    Mar 16, 2006
    Isn't this why you run packet sniffers, to discover this shit and block it on the network level?
     
    sram and Schtask like this.
  11. Twisted Kidney

    Twisted Kidney 2[H]4U

    Messages:
    3,503
    Joined:
    Mar 18, 2013
    I worship my politicians, too. I'm so impressed with their very, very big brains.
     
  12. Dekar12

    Dekar12 Gawd

    Messages:
    745
    Joined:
    Oct 2, 2003
    Supermicro is going to be literally destroyed by this.

    But the chain of events that they allege happened, could really happen to any firm that is manufacturing in China. Agents were showing up, saying they were from Supermicro or they were using bribes/intimidation to get these chips into motherboards.

    I would also allege that it was probably pretty easy to get spies into Supermicro so that they got access to their motherboard designs so that they would know where to inject these chips well ahead of the scheduled manufacturing.
     
  13. DeathFromBelow

    DeathFromBelow [H]ardness Supreme

    Messages:
    7,173
    Joined:
    Jul 15, 2005
    I'd buy made-in-the-USA PC components like motherboards, even at 2x the cost of Chinese stuff. It's a shame nobody will do it.
     
    testicle likes this.
  14. EchtoGammut

    EchtoGammut 2[H]4U

    Messages:
    2,364
    Joined:
    May 7, 2007
    There is literally no way Chinese agents show up at a fab plant and make that many changes to the manufacturing process of PCB boards and it wouldn't be reported by Supermicro's onsite management. This isn't some minor thing, it would involve multiple engineers changing settings on the assembly line and engineers updating custom PCB traces. Either Supermicro was entirely complicit or this story is BS... I'm inclined to believe it is BS as there hasn't been any corroborating evidence to back this up.
     
    JackNSally likes this.
  15. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,215
    Joined:
    Oct 29, 2000

    This is even scarier though. Supermicro doesn't design its products in China to my knowledge. These spy-chips were surreptitiously inserted during the manufacturing process.

    This puts not just Chinese brands under suspicion, but every single electronic device manufactured in China, which is essentially all of them.
     
  16. Bobert

    Bobert Limp Gawd

    Messages:
    198
    Joined:
    May 22, 2011
    No board model numbers?
    No batch numbers?
    No pics for proof?
    No naming of the supposed 4 subcontractors?

    Humm.. :shifty:
     
    Meeho and Schtask like this.
  17. Schtask

    Schtask Limp Gawd

    Messages:
    436
    Joined:
    Nov 29, 2011
    ^^ Pretty much. If this story is true, this is the greatest supply chain attack in history.
     
    testicle, nilepez, clockdogg and 2 others like this.
  18. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,215
    Joined:
    Oct 29, 2000
    There is no moral equivalence.
     
  19. Schtask

    Schtask Limp Gawd

    Messages:
    436
    Joined:
    Nov 29, 2011
    Yeah. Not to mention...What protocol was used to send data back? Was a protocol used to send the data back? Where did the data go? How was command and control facilitated? How did this pass perimeter monitoring for so many huge environments without flagging? There ARE ways to provide good answers to the above questions, which btw, are very valid questions that are asked in nearly any infosec related engagement. None of which are asked with answers provided in this report.
     
    Meeho likes this.
  20. Dead Parrot

    Dead Parrot 2[H]4U

    Messages:
    2,460
    Joined:
    Mar 4, 2013
    As best I can tell from the long TFA, the chips were added at one or more subcontractors that provided sub assemblies for the primary contractors. The chip in question is small enough to be missed in any inspection a Manager is likely to make. The changes were probably made not to the first batch but to batches made long after the design had been approved and installed in thousands of main boards. If Lot #12 worked just fine, who is going to really give Lot #13 a close look if it works fine as well. And from TFA, Amazon and Apple did notice something weird and reported to the Feds sometime in 2015. Also stated that the reason Amazon sold off the China operation was it was so infected by this and other things it was easier to cut and run than accuse China of spying. Everyone stayed quiet until recently.
     
    Snowdensjacket and TroubleMagnet like this.
  21. GT98

    GT98 [H]ard|Gawd

    Messages:
    1,247
    Joined:
    Aug 29, 2001

    Maybe part of the reason why this information hasn't been released is that it's still under investigation by the FBI/NSA/etc and is still classified not for public consumption?

    As for the design aspects of it-don't ever discount insider threats either-could have been development work done by a few employees that were actually agents of PRC intelligence or were turned by them.
     
  22. lostinseganet

    lostinseganet [H]ard|Gawd

    Messages:
    1,133
    Joined:
    Oct 8, 2008
    All these people talking about all that it takes to make this hack work, and expecting "Someone" to notice something wrong, and bring it up. I can't help but think did those somebodies get paid to care? When building this stuff, not designing, actual building you do your job, you get paid, you go home, and you get to do it all over again the next day. Then with all this military stuff it makes me think of Edward Snowden. He saw something wrong, and spoke up about it look where it got him...

    You do your job, you get paid, you go home, and you get to do it all over again the next day...
    You're not paid to care.
     
    cdr_74_premium and Madoc like this.
  23. Ascendor81

    Ascendor81 n00b

    Messages:
    40
    Joined:
    Feb 9, 2016
    So if we are replacing mobos from 2015 and such. Aren't they 99.9% Intel? Will this help AMD speed up EPYC adoption, as datacenters decide to upgrade from this event?

    Would be hard to replace old mobos in a DDR4 world, might as well replace everything?

    EPYC has less power usage, more cores, upgrade path, 7nm, more memory speed and support, 5x lower cost.
     
  24. Bobert

    Bobert Limp Gawd

    Messages:
    198
    Joined:
    May 22, 2011
    The timing of this story is interesting. I wonder if a certain competitor is not happy with this partnership anymore.

    https://www.amd.com/en/campaigns/amd-and-supermicro

    Nah that would delve into the territory of conspiracy theory.. Mulder and Scully and all that.

     
  25. Todd Walter

    Todd Walter Gawd

    Messages:
    606
    Joined:
    May 10, 2016
    Yeah, I don't get the doubters here. The fact that a chip was disguised as a different type of component is sufficient to be alarming. All other details would be classified so it's no surprise the article's author is circumspect, especially if there are canaries in the reports.
     
    Madoc likes this.
  26. SixFootDuo

    SixFootDuo [H]ardness Supreme

    Messages:
    5,499
    Joined:
    Oct 5, 2004
    Well, I can promise all of you that there is a lot more than just this going on. The United States has also been doing this type of business since the 40's. For many decades, the US supplied telecommunications equipment to the rest of the world. This included internet infrastructure and any related equipment since at least the 80's. And I am going to safely assume they have many top secret projects that fully cover all of their bases. I imagine China is heavily embedded one way or another.

    Also, depending on the design of a motherboard, motherboard thickness, trace width, trace thickness along with those lengths, IC placement, etc ... you can blow these little IC chips right off the motherboard remotely?
     
  27. ///AMG

    ///AMG 2[H]4U

    Messages:
    3,089
    Joined:
    Sep 19, 2012
    I doubt it will help that much because AMD is actively sharing their tech with China. It's probably a lot easier for the Chinese to reverse engineer and develop a custom board and solution.
     
  28. Oldmodder

    Oldmodder Gawd

    Messages:
    707
    Joined:
    Aug 24, 2018
    Huawei checks for stuff like this by slowly peeling off a thin layer by layer of whatever subcomponent to make sure nothing sneaks by; I would assume other people in high risk scenarios would do the same.

    Maybe that's why the Danish mobile infrastructure to a large degree has been put in the hands of Huawei so we don't have to check for things like this ourselves. :rolleyes::whistle:
     
  29. mikeo

    mikeo Limp Gawd

    Messages:
    422
    Joined:
    May 17, 2006
    Main article reads like a good spy story / movie plot with no real details or facts. Like when people say enhance in tv/movies.

    Disclaimer: I bought some Supermicro stock half off this morning and am up 200 dollars since then so I might be biased hahahaha.
     
    DeathSmasher and Meeho like this.
  30. MixManSC

    MixManSC ║▌║█║▌│║▌║▌█ Staff Member

    Messages:
    6,833
    Joined:
    Aug 12, 2004
    :( damn....... I saw it at just under 10 bucks and should have freaking bought some! Now it's back up around 13.20 a share. To have hit it right at 8.50 would have been amazing good timing!
     
    mikeo likes this.
  31. Deathroned

    Deathroned Gawd

    Messages:
    555
    Joined:
    Mar 6, 2015
    What Freedoms, sorry to burst your bubble but a certain Apartheid Regime that owns and controls your government gets all your data.
     
  32. whatevs

    whatevs Limp Gawd

    Messages:
    199
    Joined:
    Jun 23, 2017
    It's a good thing that AMD licensed their EPYC processor design to a Chinese company. Nothing bad can come from that.

    Anyway, anyone else see red flags in the article? No matter if it's IME style, how well hidden locally on the server, once it gets on the network it is monitored by a separate entity. The professionals should have detected anomalies very fast. Of course, you can never be surprised how bad things are in reality, like Equifax's security or OPM's security.
     
  33. Chebsy

    Chebsy Gawd

    Messages:
    524
    Joined:
    Jan 24, 2013
    Whether this is true or not, this kind of thing has been hinted at before with Huawei phones. Maybe it is time to build the fabs in western countries to be sure that this kind of thing stops.
     
    testicle likes this.
  34. Meeho

    Meeho [H]ardness Supreme

    Messages:
    4,366
    Joined:
    Aug 16, 2010
    Hinted. What about proven?
     
  35. HeadRusch

    HeadRusch [H]ard|Gawd

    Messages:
    1,122
    Joined:
    Jun 8, 2007
    I've been waiting for this shit for a decade, too.....weaponized wifi is next ...bluetooth headaches......
     
  36. whatevs

    whatevs Limp Gawd

    Messages:
    199
    Joined:
    Jun 23, 2017
    We'll just have to see if this is a Cheney style lie to justify a new major war.

    Anything is possible, in either direction.

    Why would they do something so brazen, that literally leaves physical evidence (i.e. it can't be destroyed with a reboot, ...)? That's like 3 letter agency 101 level no-no. Of course you will get caught when it phones home. At some point.

    On the other hand, they now have an emperor, they could have gotten too big or too arrogant. Many possibilities. Like even, it's so stupid that no one would believe it was done.

    Of course, on our side. This is so much like the Cheney administration's Iraq War boondoggle. And with the president and the administration doing so much gaslighting.
     
    mikeo likes this.
  37. nilepez

    nilepez [H]ardForum Junkie

    Messages:
    11,374
    Joined:
    Jan 21, 2005
    I'd think it'd be the SEC, not the FBI that heads an investigation like that.
     
  38. Heavens

    Heavens n00b

    Messages:
    25
    Joined:
    Feb 18, 2018
    And here's me wondering why sensitive data is stored on devices that have a physical connection to the internet...
     
  39. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    10,525
    Joined:
    Jul 16, 2008

    The NSA targets an individual collection target, intercepts a shipment, compromises the equipment en-route, in order to establish/insert a vulnerability.

    It sounds like China was just seeding a factory in the hopes that their vulnerability would wind up in some choice servers. It's a little bit different.
     
  40. nilepez

    nilepez [H]ardForum Junkie

    Messages:
    11,374
    Joined:
    Jan 21, 2005
    AFAICT, it's still on the NASDAQ. But if it was dropped from there, it'd be on an OTC exchange. Given that their ticker symbol is still SMCI, I believe they're still on the Nasdaq.
     