China installing spy chips on hardware

FNtastic

[H]ard|Gawd
Joined
Jul 6, 2013
Messages
1,419
Not to duplicate threads across the forum. I'm not sure how many watch the front page news here. A really disturbing article was posted yesterday. Wanted to share it here in the security section just in case anyone missed it, or wasn't aware of the front page news articles already.

https://hardforum.com/threads/china-embedded-spy-chips-on-supermicro-motherboards.1969082/

I personally don't see why we trusted them in the first place to manufacture vanilla hardware. I think it's a risk that corporations were willing to take with our data based on the price and availability of the product. And, the unlikely repercussions of the compromised data/networks from those affected.
 

Machupo

Gravity Tester
Joined
Nov 14, 2004
Messages
5,193
And you wonder why the federal government kept RIM alive... well, until Chen took over and sent everything to Foxconn, lol.
 

mkrohn

2[H]4U
Joined
Apr 30, 2012
Messages
2,334
So china gets you if its chinese made or america gets you if its american made. I don't think for a second that the american government doesn't do this kind of thing too. Given the way america is anything america has russia controls. Do we need the germans in charge of everything?
 

Vengance_01

Supreme [H]ardness
Joined
Dec 23, 2001
Messages
6,194
While its disturbing... As mkrohn mentions all government spy agencies do this to some degree... I always follow this rule... If man makes it, man can break it/hack it
 

FNtastic

[H]ard|Gawd
Joined
Jul 6, 2013
Messages
1,419
So china gets you if its chinese made or america gets you if its american made. I don't think for a second that the american government doesn't do this kind of thing too. Given the way america is anything america has russia controls. Do we need the germans in charge of everything?
While its disturbing... As mkrohn mentions all government spy agencies do this to some degree... I always follow this rule... If man makes it, man can break it/hack it
I'm not understanding your statements. Are you dismissing it because "everyone does it". Or, are you accepting it because "everyone does it"?
If you had to choose the lesser of two evils, wouldn't that be to keep spying devices within your homeland?
 

ironforge

[H]ard|Gawd
Joined
Feb 7, 2006
Messages
1,235
Not to duplicate threads across the forum. I'm not sure how many watch the front page news here. A really disturbing article was posted yesterday. Wanted to share it here in the security section just in case anyone missed it, or wasn't aware of the front page news articles already.

https://hardforum.com/threads/china-embedded-spy-chips-on-supermicro-motherboards.1969082/

I personally don't see why we trusted them in the first place to manufacture vanilla hardware. I think it's a risk that corporations were willing to take with our data based on the price and availability of the product. And, the unlikely repercussions of the compromised data/networks from those affected.
Trusted? I think the better word is sold out. I think someone made a profit to allow this to be outsourced. Maybe they knew about the "spy chips" maybe they didn't. Side note - I would hope that a US Navy ship would be 100% US Made, regardless of the quality or trustworthiness of other countries parts.
 

Red Squirrel

[H]F Junkie
Joined
Nov 29, 2009
Messages
9,211
It really seems we can't trust hardware anymore. The intel ME is the real threat that seems to have blown over, but that's a BAD one because AMD does it too, so really, x86 as a whole is no longer secure from the prying eyes of the government. The SM one here is obviously bad too, but the fact that CPUs made by both Intel and AMD have backdoors right at the cpu level is super bad too and we can't forget about that.

I think the only solution at this point is a software one, not sure what. Would virtualization help hide what is going on? Or are these backdoors smart enough to understand and handle the hypervisor to then spy on the individual VMs? What about some kind of distributed VM where you have 3 or more machines handle processing, in an encrypted fashion? A single computer's processing data won't mean anything to the backdoor without knowing what the other 3 are doing. Think, raid 5, but for resources such as ram and cpu. Then add encryption on top of it. I guess if these backdoors are sophisticated enough, they can probably talk to each other if there are other machines connected. Encryption won't solve anything either as at some point there needs to be an encryption key that is processed and the backdoor will simply catch it. Even if it has to be entered by a human at system startup.

Either way, I think we've come to a point where we need to figure out a solution to all these backdoors. Whether they are real or not, the idea of them possibly existing is enough to need to be proactive. We know that all the governments are into spying on it's citizens so they will do anything to make it easier for them. Can't do much about the spying that goes on the internet but at the very least we should be able to feel secure within our own homes and local networks.
 

mkrohn

2[H]4U
Joined
Apr 30, 2012
Messages
2,334
I'm not understanding your statements. Are you dismissing it because "everyone does it". Or, are you accepting it because "everyone does it"?
If you had to choose the lesser of two evils, wouldn't that be to keep spying devices within your homeland?
I'm dismissing this is as not really news and yes accepting it. I personally prefer China spying on me over america. I live in america and they're out to screw me anyway. China can't realistically touch me or do harm to me based on what they find. American? possibly view my tax situation as overly aggressive on write offs? Super conservatives are in power so would I be labeled some kind of deviant for the porn I like? When your government wants to get you they will.
 

Blackjack

[H]ard|Gawd
Joined
Oct 29, 2007
Messages
1,327
Saw the story the other day and until I see this corroborated by one or more independent security researchers its no more than FUD. Has anyone seen this independently confirmed? Most of the sources I usually go to haven't been able to.
 

FNtastic

[H]ard|Gawd
Joined
Jul 6, 2013
Messages
1,419
Saw the story the other day and until I see this corroborated by one or more independent security researchers its no more than FUD. Has anyone seen this independently confirmed? Most of the sources I usually go to haven't been able to.
I found one of the spy chips in my coffee this morning :eek:
 

Red Squirrel

[H]F Junkie
Joined
Nov 29, 2009
Messages
9,211
This one should be easier to confirm given it's a chip and not something inside a chip like Intel ME. But given how hell bent governments are on spying on us it's not really far fetched. But it would be good to have it confirmed, and also tell us how to disable it.

Same with Intel ME hopefully someone can 1: confirm that it actually exists, and 2: figure out a true way to disable it. From what I've read it's quite complex though, as Intel will C&D anyone that tries to publish any info.
 
Top