Report: Chinese spies snuck tiny backdoor chips onto US corporate, government and military servers

Smells like trump is ramping up his anti China game and taking on his enemies at the same time. /tinfoil hat

Highly doubtful, since (per the Businessweek article) the whole topic is top secret. But if you read to the end of that, the artwork depicts what are likely to be 2U rack server boards. Not commonly used at home.

The article also mentions that software was written to specifically monitor some of these chips, so it seems likely that they can be detected. However, they are being continually improved, refined, and better hidden.

2 Likes

depending on their source

According to anonymous US spies interviewed by the Bloomberg writers

I would take this “report” from bloomberg with a grain of salt. the nerds also seem to call this BS:

3 Likes

Mine are definitely server/workstation boards:
https://www.supermicro.com/products/motherboard/Xeon/C600/X9DRi-LN4F_.cfm
https://www.supermicro.com/Aplus/motherboard/Opteron6000/SR56x0/H8DGi-F.cfm

Turnabout is fair play…

4 Likes

maybe they just wanted to make sure we all got we wanted for xmas and birthdays ?

wholesome conspiracy a new show on WB

because it isn’t how electronics work. you can’t simply “hide a really tiny chip” on a motherboard. notice how how many connections any processing chip that has any sort of meaningful connection and interface to other components on the board needs? it isn’t the chip you have to hide. you can’t hide connecting it in a meaningful way like the article describes.

you could put a backdoor in a processor chip itself at the manufacturing level, but not hide a tiny chip on the board. you can have a remote update and admin chipset like intel’s, but that can’t be hidden in this way. if there was any kernel of truth we are two tech-paranoids with no electronics knowledge deep away from it.

most likely total BS. Apple says the story is BS. Amazon says it is BS. US Government says it is BS.
the person who wrote the article doesn’t understand most of what they are talking about it is obvious. they don’t understand kernel signing, micro architecture, electronics, coding…but they do have an Anonymous Spy Source.

period.

if the source piece didn’t get all the key details so wrong it might be a bit more believable.

3 Likes

I am not so sure anymore (ok, I wasnt in the first place, but…); the register has a pretty good analysis on the topic, technical its seems entirely possible, but the chip in question itself just looks too tiny for what its supposed to do:

And a fifth thing: the chip allegedly fits on a pencil tip. That it can intercept and rewrite data on the fly from SPI flash or a serial EEPROM is not impossible. However, it has to contain enough data to replace the fetched BMC firmware code, that then alters the running operating system or otherwise implements a viable backdoor. Either the chip pictured in Bloomberg’s article is incorrect and just an illustration, and the actual device is larger, or there is state-of-the-art custom semiconductor fabrication involved here.

and an interesting thought on page three:

From that point, it is very possible that the other sources that Bloomberg felt were confirming its story were confirming something else: that China is trying to get into the hardware supply chain. Which is no doubt true, as US intelligence agencies have repeatedly warned in the past year, particularly with respect to mobile phones.

ps: supermicros shareprice fell 50% after the bloomberg-article. time for popcorn.

it isn’t the chip size, it is how you’d have to connect it and where.

both articles get so many really base facts wrong as to not be credible.

it isn’t that malicious exploits can’t be hidden in the hardware, it is that things don’t work how they describe, so if there was some real story we are hearing about it from someone getting the basics wrong quoting the article that also is getting many of the basics wrong from an anonymous source with zero substantiation.

until there is more to go on any reasonable person sees that only BS and misinformation is on the table and assumes that is all there is until they see a shred of something to prove otherwise. like credible information.

when someone starts shouting that we are all going to get computer bug infestations because of browser cookie crumbs you can’t take it seriously, the explanations and misunderstanding of the technology in both articles are akin to that.

I am really not so sure as you seem to be, neither are the nerds at this point:

So how many pins/ IOs you think a 0402 size device can handle? The Bloomberg report show it a 6 pin device, I simply don’t believe a 6 pin is enough for hacking and communication.

If it’s on SPI lines then 4 pins could be for comms (miso, mosi, sck, ss) with a pin for vcc and ground, it’s feasible it could be on six total pins. But that would imply a loooot of doing with only that SPI interface. Magic 8 ball would be like “unlikely.”

https://twitter.com/qrs/status/1047910169261330432

or The Register-article as you might noticed :wink: which brings me to a question regarding this

in case of The Register, which are? seriously.

2 Likes

Bloomberg and BB were the two I was referring to as far as wildly misunderstanding/misstating bits of the technology they are talking about.

The Register piece has much better info. Their bits about which parts are likely and unlikely, possible and impossible, actually make some sense, unlike the bloomberg article.

This topic was automatically closed after 5 days. New replies are no longer allowed.