zlacker

>>zdw+(OP)
Is this related to controversial Bloomberg 2021 piece about China hacking Supermicro servers?

https://www.bloomberg.com/features/2021-supermicro/

>>tiffan+yTa
Not at all, that piece described a supply chain attack replacing a component with a look-alike part analyzing tens to hundreds of gigabits if data, in a form factor so small that it wouldn't be physically possible without semiconducting fabricating processes years in advance of what existed at the time.

What this article is describing is something far more likely— a firmware attack that doesn't require specialized hardware.

>>dlcarr+EWa
Wasn’t the implant supposedly (illogically) implanting custom BMC firmware? This actually always struck me as a somewhat unbelievable part of the story: why install a hardware implant when you could just clip the flash chip and implant something without a physical trace?

>>bri3d+Z1b
Flash can always be reflashed (you'd lose the implant if the customer does any firmware update) but a separate implant chip can remain infected forever.