37 votes

The big hack: How China used a tiny chip to infiltrate US companies

Topic removed by site admin

16 comments

  1. NeoTheFox
    Even more mind boggling than the fact that China made such a tiny chip with a full-fledged backdoor is the fact that US agencies swallowed that hardware, and so did the private sector. I really hope that this would at least make the three letter agencies consider producing electronics locally. As for the consumers, this is just another reason not to trust anything from China, as well as yet another reason not to trust big companies with your data - they will fail you.

    17 votes
  2. [6]
    toly
    The thing I'm trying to wrap my head around at the moment is whether this is a PRISM type revelation where it's too incredible to believe because it's not true so we end up writing it off or whether it's too huge to ignore. What I've read has me firmly planted in the middle without being able to make up my mind one way or the other.

    On the one hand you've got companies issuing statements that aren't just roundabout denials but explicit unambiguous rebuttals to the article's claims. Which could very well stem from the fact that nothing is going on and this is just Bloomberg whipping up a media frenzy based on faulty data or even unknowingly propagating completely made up stories to benefit the China negotiations.

    On the other hand you've got a government that can and has forced companies to deny the existence of programs and investigations. So of course the companies have to vehemently deny anything is going on.

    I'm at a loss as to what the truth might be. Time and more reporting will have to expand on this and what is actually going on.

    15 votes
    1. [5]
      Akir
      There are reasons to doubt the veracity of the claims of this article. The chip pictured has three contacts, but the issue here is that two of those contacts should be 'taken' - one for power and one for ground. So there is only one contact that can be used to receive or transmit data. There are single-wire data connections like 1-Wire where power and low-speed bidirectional data are sent through a single conductor, but I doubt that this bus would be implemented in a server, at least for any sensitive data. Most of that is going through the CPU bus, and you'd need at least 64 of them plus a way to synchronize their actions in order to do that.

      Keep in mind that I'm not an electrical engineer, so I don't know enough to fully discredit the claims in the article. I want to believe it, but at the same time the US propaganda machine is revving up against China right now.

      4 votes
      1. [4]
        sublime_aenima
        It looks to me like it has 6 when you look at the image with the penny, there are three on each side.

        4 votes
        1. [3]
          Akir
          I couldn't make that out on my phone before. That increases the likelihood that this could work, but it would still be limited to slow serial busses like I2C, SPI, and UART. These are things that are built into many computers; if you are using a PS/2 keyboard, it's likely handled by a device on one of these busses, which would make it possible to record and send keystrokes. With that being said, it wouldn't have access to the network, since that needs a much faster link than a serial bus can provide, and servers would not use PS/2 keyboards since they are run headless to begin with.

          The biggest problem with this kind of chip is that it's fundamentally different from the couplers that the article is referring to, which are typically passive devices like capacitors. It would require that the circuit board be redesigned, which can be very difficult when it comes to dense multilayer designs like this. That would usually require moving components around as well. Are these companies not physically inspecting their hardware anymore?

          5 votes
          1. [2]
            toly
            The Apple release seems to indicate that inspections are performed; to what depth, though, is the question:

            "As a matter of practice, before servers are put into production at Apple they are inspected for security vulnerabilities and we update all firmware and software with the latest protections."

            That means something could have slipped by but also that there wasn't anything there in the first place.

            2 votes
            1. unknown user
              Yeah, there's no mention of actual hardware validation there. Although conceivably that could come under the umbrella of "security vulnerabilities".

              3 votes
  3. [4]
    Deimos
    Here's a follow-up post on Daring Fireball about this story: https://daringfireball.net/2018/10/bloomberg_the_big_hack It also links to denials from both Amazon and Apple: Amazon:...
    9 votes
    1. [3]
      cfabbro
      From the Daring Fireball article:

      "I see no way around it: either Bloomberg’s report is significantly wrong, at least as pertains to Amazon and Apple, or Apple and Amazon have issued blatantly false denials."

      Tinfoil hat time! While those do seem to be the only two options... I think another factor at play here may be that Apple & Amazon might have been ordered/asked to keep quiet about their knowledge of the chips so that Western intelligence agencies could run a misinformation campaign through the compromised servers. But now that the Chinese know that everyone else knows about the chips thanks to Bloomberg, that will certainly undermine any efforts in that regard and the companies involved will probably eventually come clean once they get the go-ahead from the various Western governments.

      5 votes
      1. [2]
        KapteinB
        To me Apple's response sounds a lot less vague and deflecting than their response to the PRISM leak. This doesn't in itself prove anything, but I found it interesting.

        4 votes
  4. [2]
    patience_limited
    There's an interesting little detail in the Bloomberg article which makes it seem more credible - that it wasn't merely a visible chip, but that the subverted fabrication plans ultimately incorporated an even more miniaturized component in the fiberglass layers of the boards.

    Multi-layer fab has been around for decades, and there are all kinds of bridging connections in each layer. If you can make the component small enough (and we've reached > 100 million transistors/sq. mm), there's no reason you couldn't hide a very sophisticated hardware backdoor in the motherboard substrate. It doesn't even have to be terribly sophisticated, since it's leveraging the server board's baseboard management controller. BMCs are notorious for security issues in the first place, and any interception of control at that level would allow exactly what the Bloomberg article describes.

    The added touches of veracity are the detections through anomalous firmware behavior and network traffic.

    What's missing from the discussion is why China would attempt such a widespread and risky intervention. There are so many other methods for exfiltrating data, and this is a particularly aggressive move that has offensive capabilities (bricking servers, sending malicious instructions to critical systems, etc.). When detected, it's guaranteed to kill trade for any affected companies, create generations of suspicion... If I was a foreign policy wonk, I'd say China, too, thinks it's now in a commanding military position and can take these risks with impunity. Or, at least, some portions of the Chinese leadership.

    5 votes
    1. Akir
      Yeah, that was the part I was actually close to believing. I haven't heard of it being done before, but I don't believe that it's impossible. We are even to a point where we can build "3D" antennas in the board.

      I think it would still be difficult to do, though. The resistors themselves may be tiny, but the silicon wafer can't get too thin before it becomes too thin to handle and too difficult to cut into individual chips.

      Sealing chips in the substrate is a very novel idea, though; you'd basically have an SOM that you can customize and build support circuitry directly on top and below. That would probably have more than a few new design headaches associated with high-frequency signalling, though.

      3 votes
  5. [3]
    helbonikster
    I can’t believe any of the companies (Apple, Amazon), and especially the 3-letter agencies wouldn’t quarantine these servers on arrival and do a complete forensic analysis before implementing them into their architecture.

    2 votes
    1. KapteinB
      Every single one? Thorough forensics on thousands upon thousands of servers?

      I imagine they sample them, picking a few at random to go through rigorous analysis, including analysing all network traffic, and completely dismantling them looking for hidden hardware. But there are probably ways to avoid detection, maybe as simple as setting a timer on the chip not to do anything malicious for the first month after first power on for example.

      3 votes
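
An added example (not part of the thread or any commenter's code): the random-sampling approach described in the comment above, as a hypergeometric acceptance-sampling calculation. The fleet size, the number of altered units and the per-unit `sensitivity` (the chance that inspecting an altered unit actually catches it, below 1.0 when an implant stays dormant during inspection) are constructed assumptions.

```python
from math import comb

def p_detect(total, implanted, sample, sensitivity=1.0):
    """Chance that inspecting `sample` random units out of `total` flags at
    least one of the `implanted` units (sampling without replacement)."""
    if not (0 <= implanted <= total and 0 <= sample <= total):
        raise ValueError("implanted and sample must lie in 0..total")
    if not 0.0 <= sensitivity <= 1.0:
        raise ValueError("sensitivity must lie in 0..1")
    ways = comb(total, sample)
    miss = 0.0
    for j in range(min(implanted, sample) + 1):
        # Hypergeometric term: exactly j implanted units land in the sample ...
        p_j = comb(implanted, j) * comb(total - implanted, sample - j) / ways
        # ... and the inspection overlooks every one of them.
        miss += p_j * (1.0 - sensitivity) ** j
    return 1.0 - miss

def min_sample(total, implanted, confidence, sensitivity=1.0):
    """Smallest sample size reaching `confidence`, or None if unreachable."""
    for n in range(1, total + 1):
        if p_detect(total, implanted, n, sensitivity) >= confidence:
            return n
    return None

if __name__ == "__main__":
    # Constructed scenario: 1,000 servers delivered, 10 of them altered.
    for s in (1.0, 0.5, 0.1):
        n = min_sample(1000, 10, 0.95, s)
        needed = n if n is not None else "unreachable even at 100% inspection"
        print(f"sensitivity={s}: units to inspect for 95% confidence: {needed}")
```

With low sensitivity the target confidence can be out of reach even when every unit is inspected, which is why sampling is normally paired with ongoing firmware and network monitoring after deployment.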
    2. toly
      A complete forensic analysis might not be realistic, but from the Apple release:

      "As a matter of practice, before servers are put into production at Apple they are inspected for security vulnerabilities and we update all firmware and software with the latest protections."

      So it doesn't sound like they just plug and play with the servers.

      2 votes