Some important technical (and skeptical) notes about the Chinese-backdoored-servers story

Rather than simply making a declarative statement, would you mind elaborating on what you feel is impossible and wrong about their article? I am genuinely curious.

the tech tweets mentioned in the registry article speculating about the bloomberg article do explain one way a plausible exploit could be wrought, and the parts of the bloomberg article that are impossible and the parts that are plausible.

most everything of the specifics. how chips work, how they are integrated into motherboards, the size chip you’d need to store the necessary instructions at the time they claim. how anyone would pull off such an attack. what an attack like that could do.

it reads like someone who knows tech words but gets most of the details wrong and makes a lot of faulty conclusions. but it isn’t just the tech details in the article that are wrong, it is a missing embargo, missing records, companies claiming it never happened.

again, there might be a real story here, but we need good information to really know, right now the only good info is coming from speculators and pure speculation, the original source is absolute crap and anonymous hearsay filtered through a nontechnical game of telephone and we have to decipher the babble speak they think makes sense but truly doesn’t.

I have presumed that a good number of chips made in China have backdoors. The USA used to consider semiconductors a strategic product and ensured we made it in the USA. The same people who ensured we off-shored most of our manufacturing sold out the USA in every dimension. The Banks, Hedge Funds and all the other financial manipulators are the root of almost all our problems and hurling us into utter destruction.

1 Like

My bet is on a secret CPU core, which only does supervision. The core would be remotely controlled by security agencies, and able to access memory used by the other cores.

1 Like

Not really, in the US if you are a public figure, and how could Apple and Amazon not be, then you don’t just need to prove that the statement was false and harmful, but instead you must prove that the statement was false, harmful, and made with the intent to cause harm to the subject of the statement or with reckless disregard for any harm it would cause.

The Bloomberg story comes off more targeting China than Apple or Amazon, without it being a clear hit piece against them it would be hard for a case to stand up in court. Minus some smoking gun about why Bloomberg published this other than they thought it was newsworthy any form of defamation lawsuit will get Anti-SLAPPed awfully fast.

I think many would argue Apple and Amazon could be very hurt by this. But SuperMicro? They were definitely hurt, valuation dropped dramatically on this story being published.

That SuperMicro lost stock value helps prove the easiest of the three things that need to be proved in a US defamation lawsuit. Where is there any indication at all that Bloomberg published the article intending to tank the stock price? It’s far more likely that Bloomberg was just trying to do their job and notify the public of a danger to them (while making a buck on a clickbaity exaggerated story).

My point was that lack of a lawsuit tells us nothing about the truth of the story, because it is so hard to win that lawsuit that any smart company would avoid it unless they had some rock solid proof that Bloomberg was acting maliciously.

you’ll need to be a bit more specific.

freescale kinetis KL02. 32 KB memory, though.

1 Like

the point of the tech analysts refuting the size claim and the general contention around that point, which i repeat in this thread, was that the engineering feat and manufacturing process to create such a component at the time claimed at the size claimed means someone at the very least isn’t getting their information correct and is exaggerating.

your picture is a record holding chip that is only a piece of what would be needed. being a record holder for tiny size, it is still larger than it would have to be to be part of the required installable component, you can see how quickly their fantasy size falls apart when you include the rest of what you’d need to integrate something like that into a motherboard so it could intercept and rewrite command signals realtime inline.

the original article bounces around with a ton of various conjectures at that point, it could be sandwiched in the pcb, or, or, or like they are trying on possibility shoes, not reporting on a thing that actually happened in a specific real way that they had facts on. nope.

if they had access to that level of manufacturing it makes much more sense to make cloned altered replacement chips for components that are already connected and supposed to be there, rather than adding something inline somewhere. an attacker would have better options and choices at that stage that would be easier to implement and better hidden.

like i said every single bit stinks with questionability to people in the industry. it isn’t that it is an impossible idea, it is that the teller of this story doesn’t have the specific knowledge to know the nuances of how it would, could, or should go.

imho, what we really need is more information and factual information, first, even better yet a single piece of proof, so far the only source of information, is this highly questionable one full of conjecture and some other people speculating about it and possibilities. i always reserve skepticism and try and determine what the facts are when i see BS piled on BS, until there is more information.

2 Likes

as an asic and sometime board designer, i have to agree with @redesigned here… the bloomberg story seems to have been written by people that think technology is magic, and if you just put a rogue chip somewhere on a motherboard, it can completely take over the board and do whatever it wants to do. that’s really just not how this stuff works.

similar to some of the twitter threads posted in the main story, i believe that if an attack such as this one were to succeed, it would most likely come in the form of stuffing a component (such as a backup boot flash for the management controller) which the BOM calls out as no-stuff. since this type of component would ostensibly be connected to the management controller’s SPI/I2C bus it could probably have a real effect on the code that the management controller is loading and executing. the “signal conditioning” thing does not make sense to me at all, unless the designers of the original board had to create their own A/B flash setup with bus switches or something similar. the ‘signal conditioners’ shown in the twitter threads look like they are for RF purposes, that is, for impedance matching or maybe for EMC purposes (ferrite beads.) generally speaking those types of things are going to be on antennas (or I/O interfaces like ethernet and USB that you don’t want to become antennas.)

as others here have pointed out, it seems a whole lot easier to just produce compromised flash memories and/or system management controllers which emulate the correct components, and just substitute a reel of those instead of going thru all the trouble of reverse-engineering the boards to figure out what to add.

anyway almost every technical story that i’ve ever read in the mainstream press reads like this story - the reporters didn’t understand at all what they were reporting on, and so the meaning of the story to an engineer is completely unclear and frankly kind of a mess.

1 Like
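The no-stuff scenario described in the post above, turned into a defender's check (an added example, not part of the original thread): it compares the designators found populated during board inspection with the BOM and ranks populated no-stuff footprints on the management controller's SPI/I2C nets highest. The BOM columns, net names and inspection list are constructed assumptions.

```python
import csv
import io

# Constructed BOM export. Column names and net names are assumptions for this
# example; real EDA tools export different layouts.
BOM_CSV = """refdes,part,populate,nets
U12,management controller,yes,BMC_SPI0;BMC_I2C1
U15,SPI boot flash (primary),yes,BMC_SPI0
U16,SPI boot flash (backup),no,BMC_SPI0
J7,debug header,no,UART_DBG
FB3,ferrite bead,yes,ETH_TX
"""
# Constructed inspection result: designators found populated on a received board.
INSPECTED = ["U12", "U15", "U16", "J7", "FB3", "U99"]
# Nets that reach the management controller's boot/config path (assumed names).
SENSITIVE_PREFIXES = ("BMC_SPI", "BMC_I2C")

def load_bom(text):
    """Return {refdes: {"part", "populate", "nets"}} from BOM CSV text."""
    bom = {}
    for row in csv.DictReader(io.StringIO(text)):
        bom[row["refdes"].strip()] = {
            "part": row["part"].strip(),
            "populate": row["populate"].strip().lower() == "yes",
            "nets": [n for n in row["nets"].split(";") if n],
        }
    return bom

def audit_board(bom, populated):
    """Return sorted (severity, refdes, reason) findings for BOM deviations."""
    found, findings = set(populated), []
    for ref in found:
        entry = bom.get(ref)
        if entry is None:
            findings.append(("high", ref, "populated but not in BOM"))
        elif not entry["populate"]:
            on_bus = any(n.startswith(SENSITIVE_PREFIXES) for n in entry["nets"])
            sev = "high" if on_bus else "medium"
            findings.append((sev, ref, "no-stuff footprint is populated"))
    for ref, entry in bom.items():
        if entry["populate"] and ref not in found:
            findings.append(("medium", ref, "expected part is missing"))
    return sorted(findings)

if __name__ == "__main__":
    for severity, ref, reason in audit_board(load_bom(BOM_CSV), INSPECTED):
        print(f"[{severity}] {ref}: {reason}")
```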

The latest statement from Apple legal is pretty unequivocal that none of this ever happened. No tampered boards. No contact with any government agency in any way. No internal investigations. Nothing.

I’ve heard it posited that this story was fabricated to be another brick in the administration’s attempts to build a case for more economic actions against China. It is interesting that the two big corporations named in the story are also two corporations on Trump’s hate list. He especially has it in for Amazon.

1 Like

Follow the money…

Super Micro Shares seem to have risen slowly up to the point of the announcement, and then plummeted. If someone wants to short Super Micro shares then this is what we would expect to see. None of the significant shareholders seem to have sold ahead of the publication.

It is possible, but I’ll believe it isn’t capitalism doing its usual thing of smashing stuff up so it can profit from the chaos, when someone finds one of these ‘grain of rice’ chips.

2 Likes

If there is as little evidence for these claims as these companies claim, the only thing left is that the article was malicious, because it was based on unverified, harmful lies about the companies.

It could be. But that does not mean that Bloomberg was malicious. In order to sue Bloomberg and win you need to prove that Bloomberg itself had intent. Harmful intent. And that’s pretty unlikely. At the same time, suing news organizations is really bad PR. Especially credible news organizations like Bloomberg. So they have very real reasons not to sue, unless they can be 100% sure that Bloomberg and its reporters had a specific, identifiable malicious intent.

More likely is that someone who placed, or provided an initial source for the story had malicious intent. In which case you don’t really have grounds to sue Bloomberg. Except maybe to get them to reveal sources. Which is again. Really bad PR. And hasn’t been a particularly successful strategy in the past.

It seems much more like Bloomberg is deeply mistaken. It sounds like they may have based things on 2nd and 3rd hand reports of informal meetings and internal rumors. Discussions of what’s possible, or how such an attack would work if it did happen. Rather than anything like solid info that it had happened.

On the other end of it Apple and Amazon could both be sued and/or fined to high hell if their specific denials aren’t true.

That right there. There’s a HUGE “why” on this. I’m not as informed on the technical side of this as most of you are. My hardware interests top out at “what bits will make my games purty and creation software run fast”. But I have noticed that nearly every technical rundown on this. Even the ones that are pointing out that it’s very feasible, or who believe it did happen. Take pains to note that it’d be easier and less detectable to do it another way. Or that the one part it could have plausibly been targeted given Bloomberg’s details. Is already fundamentally compromised and easy enough to hack remotely.

So why? What does this particular approach. Easy to detect. Very easy to trace. Quite expensive. Get you that all the other things people have been pointing out as possible don’t.
