China installing spy chips on hardware

Discussion in 'Networking & Security' started by FNtastic, Oct 5, 2018.

  1. FNtastic

    FNtastic Gawd

    Messages:
    873
    Joined:
    Jul 6, 2013
    Not to duplicate threads across the forum. I'm not sure how many watch the front page news here. A really disturbing article was posted yesterday. Wanted to share it here in the security section just in case anyone missed it, or wasn't aware of the front page news articles already.

    https://hardforum.com/threads/china-embedded-spy-chips-on-supermicro-motherboards.1969082/

    I personally don't see why we trusted them in the first place to manufacture vanilla hardware. I think it's a risk that corporations were willing to take with our data based on the price and availability of the product. And, the unlikely repercussions of the compromised data/networks from those affected.
     
  2. Machupo

    Machupo Gravity Tester

    Messages:
    5,308
    Joined:
    Nov 14, 2004
    And you wonder why the federal government kept RIM alive... well, until Chen took over and sent everything to Foxconn, lol.
     
  3. mkrohn

    mkrohn 2[H]4U

    Messages:
    2,317
    Joined:
    Apr 30, 2012
    So china gets you if its chinese made or america gets you if its american made. I don't think for a second that the american government doesn't do this kind of thing too. Given the way america is anything america has russia controls. Do we need the germans in charge of everything?
     
  4. Vengance_01

    Vengance_01 [H]ardness Supreme

    Messages:
    5,545
    Joined:
    Dec 23, 2001
    While its disturbing... As mkrohn mentions all government spy agencies do this to some degree... I always follow this rule... If man makes it, man can break it/hack it
     
  5. FNtastic

    FNtastic Gawd

    Messages:
    873
    Joined:
    Jul 6, 2013
    I'm not understanding your statements. Are you dismissing it because "everyone does it". Or, are you accepting it because "everyone does it"?
    If you had to choose the lesser of two evils, wouldn't that be to keep spying devices within your homeland?
     
  6. ironforge

    ironforge [H]ard|Gawd

    Messages:
    1,200
    Joined:
    Feb 7, 2006
    Trusted? I think the better word is sold out. I think someone made a profit to allow this to be outsourced. Maybe they knew about the "spy chips" maybe they didn't. Side note - I would hope that a US Navy ship would be 100% US Made, regardless of the quality or trustworthiness of other countries parts.
     
  7. Red Squirrel

    Red Squirrel [H]ardForum Junkie

    Messages:
    9,371
    Joined:
    Nov 29, 2009
    It really seems we can't trust hardware anymore. The intel ME is the real threat that seems to have blown over, but that's a BAD one because AMD does it too, so really, x86 as a whole is no longer secure from the prying eyes of the government. The SM one here is obviously bad too, but the fact that CPUs made by both Intel and AMD have backdoors right at the cpu level is super bad too and we can't forget about that.

    I think the only solution at this point is a software one, not sure what. Would virtualization help hide what is going on? Or are these backdoors smart enough to understand and handle the hypervisor to then spy on the individual VMs? What about some kind of distributed VM where you have 3 or more machines handle processing, in an encrypted fashion? A single computer's processing data won't mean anything to the backdoor without knowing what the other 3 are doing. Think, raid 5, but for resources such as ram and cpu. Then add encryption on top of it. I guess if these backdoors are sophisticated enough, they can probably talk to each other if there are other machines connected. Encryption won't solve anything either as at some point there needs to be an encryption key that is processed and the backdoor will simply catch it. Even if it has to be entered by a human at system startup.

    Either way, I think we've come to a point where we need to figure out a solution to all these backdoors. Whether they are real or not, the idea of them possibly existing is enough to need to be proactive. We know that all the governments are into spying on it's citizens so they will do anything to make it easier for them. Can't do much about the spying that goes on the internet but at the very least we should be able to feel secure within our own homes and local networks.
     
  8. mkrohn

    mkrohn 2[H]4U

    Messages:
    2,317
    Joined:
    Apr 30, 2012
    I'm dismissing this is as not really news and yes accepting it. I personally prefer China spying on me over america. I live in america and they're out to screw me anyway. China can't realistically touch me or do harm to me based on what they find. American? possibly view my tax situation as overly aggressive on write offs? Super conservatives are in power so would I be labeled some kind of deviant for the porn I like? When your government wants to get you they will.
     
  9. Blackjack

    Blackjack [H]ard|Gawd

    Messages:
    1,326
    Joined:
    Oct 29, 2007
    Saw the story the other day and until I see this corroborated by one or more independent security researchers its no more than FUD. Has anyone seen this independently confirmed? Most of the sources I usually go to haven't been able to.
     
  10. FNtastic

    FNtastic Gawd

    Messages:
    873
    Joined:
    Jul 6, 2013
    I found one of the spy chips in my coffee this morning :eek:
     
  11. Red Squirrel

    Red Squirrel [H]ardForum Junkie

    Messages:
    9,371
    Joined:
    Nov 29, 2009
    This one should be easier to confirm given it's a chip and not something inside a chip like Intel ME. But given how hell bent governments are on spying on us it's not really far fetched. But it would be good to have it confirmed, and also tell us how to disable it.

    Same with Intel ME hopefully someone can 1: confirm that it actually exists, and 2: figure out a true way to disable it. From what I've read it's quite complex though, as Intel will C&D anyone that tries to publish any info.