zlacker

Is this related to controversial Bloomberg 2021 piece about China hacking Supermicro servers?

https://www.bloomberg.com/features/2021-supermicro/

>>tiffan+(OP)
Not at all, that piece described a supply chain attack replacing a component with a look-alike part analyzing tens to hundreds of gigabits if data, in a form factor so small that it wouldn't be physically possible without semiconducting fabricating processes years in advance of what existed at the time.

What this article is describing is something far more likely— a firmware attack that doesn't require specialized hardware.

>>dlcarr+63
Wasn’t the implant supposedly (illogically) implanting custom BMC firmware? This actually always struck me as a somewhat unbelievable part of the story: why install a hardware implant when you could just clip the flash chip and implant something without a physical trace?

>>bri3d+r8
Flash can always be reflashed (you'd lose the implant if the customer does any firmware update) but a separate implant chip can remain infected forever.

>>dlcarr+63
FWIW, the claim in the Bloomberg article was never validated, no one pulled a Supermicro server that had the supposed components. Zero proof since the story was published in 2018 that it wasn't nonsense.

>>wmf+0a
That’s fair - the first thing I’d put in my implant firmware would be a fake firmware updater, but I suppose trading guaranteed persistence for physical detection would be a reasonable tradeoff in some places.

>>WillPo+xd
Including Amazon, Meta or whomever else was mentioned in that article, all saying "What? That never happened". There's little reason to cover up the discovery of something like this, from an end-user perspective.

>>WillPo+xd
Yeah, it was a pretty bizarre story, given it's the kind of thing that definitely happens (though probably through more straightforward just tampering with the firmware), that it was very specific and yet all the details failed to add up.

>>bri3d+r8
The Bloomberg article specifically mentioned the attack occurring through the addition of extra hardware:

    “In early 2018, two security companies that I advise were briefed by the FBI’s counterintelligence division investigating this discovery of added malicious chips on Supermicro’s motherboards,” said Mike Janke, a former Navy SEAL who co-founded DataTribe, a venture capital firm. “These two companies were subsequently involved in the government investigation, where they used advanced hardware forensics on the actual tampered Supermicro boards to validate the existence of the added malicious chips.”

>>dlcarr+63
> with a look-alike part analyzing tens to hundreds of gigabits if data, in a form factor so small that it wouldn't be physically possible without semiconducting fabricating processes years in advance of what existed at the time.

I'm not sure where you got that idea. The article describes a tiny microcontroller, attached to the read pins of the BMC's boot flash, flipping a few bits in transit from the flash ROM to the BMC SoC as the BMC boots. This is not only practically possible, it's very similar to the technique used to hack the original Xbox and by many console mod chips. And is sufficient to boot the BMC in a vulnerable state for the next chain of an attack.

Nothing about the exploit claimed in the article was impossible or even novel.

That said, I'm not aware of any physical boards found to have the compromised hardware outside of those Bloomberg claim to have witnessed.