Whether it turns out to be true or not, this will be the biggest security blockbuster of the decade.
Clifford Heath
Whether it turns out to be true or not, this will be the biggest security blockbuster of the decade.
Clifford Heath
Couple of articles in The Register as well. Have said for years that we should keep the Chinese at arms length for hi tech, as even if they are not stealing the ip, they have more than enough reason to subvert the designs for their own good and the intellect to implement it. All good and furry on the outside, cheap manufacturing etc, but an undemocratic police state at core, with an expansionist agenda.
More than ever, nations progress through advances in the sciences and technology and it should be considered a national security asset. Don't need a tinfoil hat to see that...
Chris
I hate those white on black web sites. I won't be able to see for a while. Otherwise a great article. Doh, I could have used the reader view button!
Rick C.
This is my analysis:
Theo
Thanks for that write-up, but why do you find it more feasible that the firmware's being fetched across the network than that the interceptor chip simply has 32Mb of flash on it? It seems like that additional network traffic at boot time would be a pretty recognizable signature.
-- Rob Gaddi, Highland Technology -- www.highlandtechnology.com Email address domain is currently out of order. See above to fix.
It is possible that the implant is simply replacing the existing QSPI flash, but then a firmware update would either replace it, or the update checksum would fail. So it has to be something that keeps the original flash functioning and tampers with it conditionally.
A regular SPI flash chip couldn't that. A very basic flash edit (overdrive the real data lines and force some bytes of config settings) could be done in a CPLD - I didn't check what die sizes vendors have, but they can be small. An FPGA would likely be too big.
A full custom chip is also feasible, but in another league in terms of costs.
Theo
:
sh,
mve
eIt's a bit pedantic, but your distinction between CPLD and FPGA is not vali d, in fact there are very few CPLDs left on the market because they are not very competitive with FPGAs even on die size. Both types of devices waste a lot of real estate. CPLDs use large arrays to implement the local inter connect with a complete matrix. Larger CPLDs become disproportionately lar ge.
FPGAs use a mix of interconnect to try to find an optimal solution to the i nterconnect problem, but it is a somewhat intractable problem so a lot of r eal estate is still wasted trying to provide speed optimal solutions. All in all even in smaller PLD designs the FPGA architecture is usually used. There are several FPGAs with only 256 LUT-FFS in the chip and are very smal l sizes. They are always size limited by the need for I/O pads.
In this case, a 6 pin package with at most 4 I/Os, an FPGA could be built t hat was very small indeed, but still very functional.
Still, I expect it is a fully custom chip with an MCU, neither FPGA or CPLD . Did I miss something in the article?
BTW, if the chip has sufficient internal capacitance, it is possible to hav e five I/Os by scavenging power from the I/Os.
Rick C.
One article I read suggested that such a device would not even need to be visible on the board, but could mounted on one of the internal pcb layers.
Perhaps they already are, but companies need to be very wary of what they farm out for manufacturing overseas, especially considering that state level actors have essentially unlimited resources to engineer and hide such hardware hacks...
Chris
Chris
That was the original Bloomberg article. Down the bottom it said that this had already happened. It seems like something that would need substantial modifications to any existing PCB production tooling, so would be hard to do covertly.
Clifford Heath.
Modifying the hardware is virtually imposssible. You need the schematic, the pcb layout tools, a vendor who can duplicate the original pcb process, and a way to get the modified board into the process stream undetected.
Any hardware change can easily be detected. Take a photo of a known good board and a suspect board. Subtract them. Any differences would be instantly visible. Do the same with X-Rays. That would capture any changes to the internal layers.
It is far easier to do it in software. Modify the firmware so the change is invisible. There are virtually an infinite number of ways to do it. Untraceable, so no one can tell where it occurred in the process stream. Selective, so you can turn it on only when a desired target is found.
Someone is running a clickbait article. The whole idea of a hardware attack is not worth reading.
Steve, have you even read the article?
The device just needs to feed the BMC customised code over SPI. Six pins on an EEPROM would do it, or a chip that sits between the code EEPROM and modifies the SPI data.
Supermicro's San Jose design facility is full of Chinese, some of whom speak no English, just Mandarin. Of course the hack was a software hack; put there in the schematic and PCB layout by one of those designers. Or added to the Gerbers in the factory by someone who had access to the schematic and layout and knew where to cut and paste.
Neither of those things is implausible for a nation-state capability that has agents working for the company.
In any case, that wasn't the subject I was responding to.
Chris said he'd read about the malware chip being inserted in between PCB layers during fab. I don't think there's anything in normal PCB fab that would make that feasible.
Clifford Heath.
Thanks. Nicely thought out blog article. I agree that putting the chip on the SPI bus would be the ideal location. I might add that is would be possible to add microcode instructions to the CPU via the SPI bus (depending on how the added chip is wired into the system).
Some deficiencies and unanswered questions in the original Bloomberg article:
etc...
Not currently having the answers to these questions doesn't bother me. The lack of anyone close to the source actually bothering to answer them does bother me.
Sorry to be so vague but I've had a rotten day dealing with Microsoft's October 2018 Windoze 10 update destroying customer data. This has not been a good day.
-- Jeff Liebermann jeffl@cruzio.com 150 Felker St #D http://www.LearnByDestroying.com
They don't claim that, and we don't know it. The motherboard photos could have been sent by their inside source. It would have been much more risky to provide a whole MB to Bloomberg. The chip photos are probably something off Digikey.
If they don't have the board or chips, the rest of your questions don't matter.
Clifford Heath.
Good point. If they don't have physical possession of a working chip and/or motherboard, then that's the end of the physical evidence making literally everything written so far no better than speculation.
Incidentally, the photo of the chip and the finger look edited: At that level of magnifications, the ridges of the finger and the nail show substantial levels of dirt, cuts, and irregularities. Most peoples palm and back of the hand are different colors. To produce a perfectly rounded edge view, clean nails, clean ridges, an uniform color requires considerable photo editing. Since the chip seems to be back lighted, while the finger is lighted most from the right side, I would guess that the chip was added to the finger photo. Looking again at the solder plate on the chip, I'm sure it's never been attached to a PCB.
Fake news? I think so.
-- Jeff Liebermann jeffl@cruzio.com 150 Felker St #D http://www.LearnByDestroying.com
He has a good analysis IMNSHO. Sure hand anything to the press, especially the biased press, and it will publish that. The whole issue here is to get the reality show manager re-elected, mid-terms are knocking on the door, keep republicans in power, create a common enemy, standard stuff. Truth and 'tronics has little to do with it.
Any kid can make up this story.
Maybe that 'chip dot' is just flee poop, like the rest of what the reality lost show manager does. And as significant as that.
At the same time companies like Apple may hand all user data to China, they only have to ask for it.. Money, sales, profit is the law. Snake oil is the trade. :-) Oh well... remember in the last cold war how Russia was accused of spying on every one... Now US does it as one bigger number.
And there is nothing to know really, of value, that China does not already have, or can do better. That includes running a country.
Yes, why do they not show a circuit diagram? Board layout? Power is indeed an issue, pulldown could be done that way, but force a SPI line up?
Clifford Heath wrote in news:VpVtD.128717$SN2.9245 @fx38.iad:
Nope. The design engineers for Supermicro are in the US.
It may have been as simple as cutting and scraping clean pad areas on a single trace and adding the part to the trace lead. It was done at the manufacturing facility.
Jeff Liebermann wrote in news: snipped-for-privacy@4ax.com:
Did you even read the article? Did you not see the picture of what the chip contained?
And I am quite sure that the DoD's investigation into it was much more comprehensive than a news agency's most elite hardware nerd.
Jeff Liebermann wrote in news: snipped-for-privacy@4ax.com:
Bullshit. Operator error. Always backup first for one thing, and I still think you did something to cause the loss. And you do not have an instantaneous mirror on another machine for their data?
Sounds like something Trump would say.
the
ronal
e.
lash
be
f
types
CPLDs
256
ze
Not so much. An IC package is rather big and hard to insert, but the IC di e can be very thin and barely make a difference. Think COB.
Rick C.
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.