Chinese Hardware-Hacking

uair01

Justified & Ancient
Joined
Apr 12, 2005
Messages
2,165
Likes
1,456
Points
169
Location
Rotterdam
#1
Cool story:
https://www.bloomberg.com/news/feat...ny-chip-to-infiltrate-america-s-top-companies

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.

But many security specialists have doubts especially because the victims have denied being hacked:
https://www.computerworld.com.au/ar...eny-bloomberg-report-chinese-hardware-attack/

Apple said it had refuted "virtually every aspect" of the story in on-record responses to Bloomberg. "Apple has never found malicious chips, 'hardware manipulations' or vulnerabilities purposely planted in any server," the company said. Amazon Web Services (AWS) said it found no issues.

Both sides of the story:
https://supchina.com/2018/10/04/did...mazon-and-nearly-30-major-american-companies/
 

James_H

And I like to roam the land
Joined
May 18, 2002
Messages
6,444
Likes
3,559
Points
259
#2
It's hard to know where genuine reporting of the undoubtedly nefarious activities of the Chinese government ends and sinophobic scaremongering begins. It's a little like the situation with Russia.

I have noticed that a lot of stories on China in the western press are not well fact-checked and play up differences and stereotypes.

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice
Hmmm.

If the companies who are supposed to have been hacked deny it, does this story have legs?
 

uair01

#3
John McAfee (for what it's worth):
The irony in all this is that the hardware provided by China to a U.S. company was most certainly used by the U.S. government at some point, with added software, as an attempted means of spying on China, and other countries. The twisted nature of this world predicament, will, I predict, reveal itself at an accelerating rate. It should be fun to watch.

https://loggiaonfire.com/magazine/e..._our_devices_into_spy_devices_1538748801.html
 

James_H

#5
Time to stop buying computers made in China?
I recently thought about buying one of those robot vacuum cleaners (I thought it was cheaper than it actually was, lol) – a model made by Xiaomi. I may be paranoid, but the thought that it might be listening in to everything in my house (plus the actual price) stayed my hand.
 

Coal

Polymath Renaissance Man, Italian Wiccan Anarchist
Joined
Jun 27, 2015
Messages
8,866
Likes
10,695
Points
279
#6
The boy had a free wifi router in his uni room. Made in China. I suggested he change its password from the default.
 

uair01

#7
One theory is that the reporters misunderstood a much less significant incident in which a SuperMicro driver, not firmware, was briefly trojaned. A second theory is that someone wanted an anti-China story in the press and fed the reporters false information. Given that many of the sources come from the government and intelligence community, this theory is plausible. A third possibility is that a hardware backdoor was found in some SuperMicro device somewhere, and the reporters misunderstood or were lied to and thought it was pervasive. It is reasonable that the CIA's Elemental video processing server mentioned in the article would be individually targeted by a hardware backdoor. These theories are speculative, of course. My personal guess is that it's the latter two theories.

https://www.quora.com/How-serious-i...-giants-by-Chinese-spies/answer/David-Seidman

Sounds plausible.
 

uair01

#8
On the other hand:

Apple has begun designing its own servers partly because of suspicions that hardware is being intercepted before it gets delivered to Apple, according to a report yesterday from The Information. "Apple has long suspected that servers it ordered from the traditional supply chain were intercepted during shipping, with additional chips and firmware added to them by unknown third parties in order to make them vulnerable to infiltration, according to a person familiar with the matter," the report said. "At one point, Apple even assigned people to take photographs of motherboards and annotate the function of each chip, explaining why it was supposed to be there. Building its own servers with motherboards it designed would be the most surefire way for Apple to prevent unauthorized snooping via extra chips."

https://news.ycombinator.com/item?id=18148749
 

Ermintruder

Existential pixelfixer
Joined
Jul 13, 2013
Messages
5,162
Likes
6,670
Points
284
#9
These sorts of stories are highly-dubious, on all sorts of levels. Whilst there are well-established systems that can (and do) attempt to drip-feed information back to an external intended recipient, data types and path-routes are always capable of being analysed.

Modern firewalls used within government and high-end commerce are able to filter both incoming and outgoing content, with deep packet analysis and continuous content monitoring.

Also: if I was wanting to introduce a 'bit bugging back-door' into a sold piece of infrastructure (a so-called 'trojan talker'), why would I fit a "grain of rice" additional chip? Why wouldn't I build that into the actual die-masks of the main VLSI chips themselves at sub-bus level?

No. Anything even like this that goes on is much-more....integral, in every sense.

I shall now demonstrate to you a classic conjuring trick...keep watching my right hand. Not my left hand. Now, did you see what I did there? Almost all of you were watching my left hand, because of what I said. That's alright, you're welcome. And do you want your shoes back?
 

Analis

Justified & Ancient
Joined
Apr 12, 2006
Messages
1,620
Likes
352
Points
99
#10
On the other hand:

Apple has begun designing its own servers partly because of suspicions that hardware is being intercepted before it gets delivered to Apple, according to a report yesterday from The Information. "Apple has long suspected that servers it ordered from the traditional supply chain were intercepted during shipping, with additional chips and firmware added to them by unknown third parties in order to make them vulnerable to infiltration, according to a person familiar with the matter," the report said.
I remember that a few links about similar accusations had been posted. But the culprits were the CIA, which explains that it didn't make many waves in the mainstream press.
 

Mythopoeika

I am a meat popsicle
Joined
Sep 18, 2001
Messages
34,861
Likes
20,498
Points
309
Location
Inside a starship, watching puny humans from afar
#11
The other day, I was drafted into doing some hardware assembly at my main place of work. I was essentially assembling cards into metal boxes and then testing them. I was putting a card in when a tiny chip (like the one being discussed here) fell off the board onto the workbench. I thought there was a problem, so the senior engineer had a look at the board. Nothing wrong, just a spare chip knocking about. The big boss came over and told us that when our board assembly company re-engineers a board, they leave the offending part in the packet.
So...this spare chip on the board... is it up to no good, or is it just... spare?
 

Ermintruder

#12
So...this spare chip on the board... is it up to no good, or is it just... spare?
Well, exactly. And as you are no doubt aware, in a production setting it can cost more to create regional/market variations, so counterintuitively, leaving unnecessary chips fitted to PCBs can save (not cost) money.
 

Coal

#13
Also: if I was wanting to introduce a 'bit bugging back-door' into a sold piece of infrastructure (a so-called 'trojan talker'), why would I fit a "grain of rice" additional chip? Why wouldn't I build that into the actual die-masks of the main VLSI chips themselves at sub-bus level?
^this^: I design electronics, a journeyman not a genius, and if I wanted to put in a back door you'd struggle to find it or see it. There are so many ways...
 

Ermintruder

#14
There are so many ways...
Since you are involved in electronics design, you'll also then understand the concept of multi-layer PCBs, internal vias, potted modules, piggyback parallel SMD etc (all of which can give zero physical evidence of unauthorised additionality at discrete component level).

But thinking about it further @Coal - what about PLCCs (as in programmable logic controllers) with inherent spare capacity as standard, or the modern-day equivalent of large PROM/EAROM with memory array capacity that will always exceed the basic requirements for main function?

There can be all sorts of reasons for hearing the superficially-shocking news that a 'spy has been found in the camp'.

Propaganda is always a complex beast....Cui Bono? Omnibus et neminem
 

uair01

#15
The big debunking … a bit too big maybe? :) (no, don't think so)

Apple Insiders Say Nobody Internally Knows What’s Going On With Bloomberg’s China Hack Story
“I don’t know if something like this even exists.”
https://www.buzzfeednews.com/article/johnpaczkowski/apple-china-hacking-bloomberg-servers-spies-fbi

Statement from DHS Press Secretary on Recent Media Reports of Potential Supply Chain Compromise
The Department of Homeland Security is aware of the media reports of a technology supply chain compromise. Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story.
https://www.dhs.gov/news/2018/10/06...dia-reports-potential-supply-chain-compromise

U.S. Agency Backs Tech Firms That Deny China Hacked Their System
In emailed statements, Amazon, Apple, Supermicro and the Chinese government disputed Bloomberg Businessweek’s reporting.
https://www.bloomberg.com/news/arti...-companies-denying-china-hacked-their-systems

Bloomberg Reports China Infiltrated the Supermicro Supply Chain We Investigate
https://www.servethehome.com/bloomb...d-the-supermicro-supply-chain-we-investigate/
Cool technical article … and this: A new conspiracy theory :)
First and foremost, I think we need to call for an immediate SEC investigation around anyone who has recently taken short positions or sold shares in Supermicro. With the accompanying Supermicro stock price hit that was foreseeable prior to the story, if anyone knew the story would be published, and acted on that non-public or classified information, the SEC needs to take action. There seems to have been over 20 people that knew about this.

And this seems a good analysis. More frightening than the article itself :)

https://blog.erratasec.com/2018/10/notes-on-bloomberg-supermicro-supply.html#.W7pjsfZuJpg
The technical detail that's missing from the story is that the supply chain is already messed up with fake chips rather than malicious chips. Reputable vendors spend a lot of time ensuring quality, reliability, tolerances, ability to withstand harsh environments, and so on. Even the simplest of chips can command a price premium when they are well made.

What happens is that other companies make clones that are cheaper and lower quality. They are just good enough to pass testing, but fail in the real world. They may not even be completely fake chips. They may be bad chips the original manufacturer discarded, or chips the night shift at the factory secretly ran through on the equipment -- but with less quality control.
 

Coal

#16
But thinking about it further @Coal - what about PLCCs (as in programmable logic controllers) with inherent spare capacity as standard, or the modern-day equivalent of large PROM/EAROM with memory array capacity that will always exceed the basic requirements for main function?
You'd just have a third party infiltrate the PLCC image...for any given piece of programmable logic the image field has the same maximum size irrespective of the program, so swapping out the firmware with 'your' firmware would be invisible. You might even be able to swap the PLCC for one with more internal resources but with the same external size/footprint and put all sorts of stuff in it. All invisible...thinking about it, if money was no object, burying an IC die inside a multilayer PCB might be quite feasible.
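
The point in the post above about a fixed-size image field, seen from the verifying side, as an added example that is not part of the original thread: a size check cannot tell a swapped image from the released one, while a digest comparison against a known-good ("golden") image can, and a block comparison shows whether the change sits in the previously erased spare area. The 4096-byte field, the 0xFF erase value and all sample bytes are assumptions constructed for illustration.

```python
import hashlib

ERASED = 0xFF        # assumption: unprogrammed cells read back as 0xFF
IMAGE_SIZE = 4096    # assumption: fixed image field of the constructed part
BLOCK = 256          # comparison granularity in bytes


def pad_image(design: bytes, size: int = IMAGE_SIZE) -> bytes:
    """Place a design in the fixed-size image field; the rest stays erased."""
    if len(design) > size:
        raise ValueError("design does not fit the image field")
    return design + bytes([ERASED]) * (size - len(design))


def used_length(image: bytes) -> int:
    """Bytes up to and including the last non-erased byte."""
    return len(image.rstrip(bytes([ERASED])))


def compare_to_golden(readback: bytes, golden: bytes) -> dict:
    """Compare a read-back image against the released (golden) image."""
    same_size = len(readback) == len(golden)
    match = same_size and (
        hashlib.sha256(readback).digest() == hashlib.sha256(golden).digest()
    )
    changed = []
    if same_size and not match:
        changed = [
            off for off in range(0, len(golden), BLOCK)
            if readback[off:off + BLOCK] != golden[off:off + BLOCK]
        ]
    # Content where the golden image is erased means spare capacity is in use.
    spare = readback[used_length(golden):]
    return {
        "same_size": same_size,
        "match": match,
        "changed_blocks": changed,
        "spare_area_used": any(b != ERASED for b in spare),
    }


# Constructed sample data, not taken from any real device.
DESIGN = b"\x5a\xa5" * 512                           # 1024-byte released design
GOLDEN = pad_image(DESIGN)
EXTRA_LOGIC = pad_image(DESIGN + b"\x13\x37" * 64)   # fills some spare capacity
PATCHED_IN_PLACE = b"\x00" + GOLDEN[1:]              # alters the design itself

if __name__ == "__main__":
    for name, image in [("golden", GOLDEN), ("extra logic", EXTRA_LOGIC),
                        ("patched in place", PATCHED_IN_PLACE)]:
        print(name, len(image), compare_to_golden(image, GOLDEN))
```

The comparison is only as trustworthy as the read-back path and the golden image: both have to come from outside the supply chain being checked.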
 

Xanatic*

Justified & Ancient
Joined
Mar 10, 2015
Messages
3,009
Likes
2,335
Points
154
#18
What are the odds that any big device made in China, has a killswitch that the Chinese can activate in case of war?
 

Ermintruder

#19
What are the odds that any big device made in China, has a killswitch that the Chinese can activate in case of war?
The odds (in terms of the hypothetical hazard becoming a reality) are probably about the same as those in 1999 of the Millennium Bug destroying big chunks of the world.

I make this comparison deliberately.

Prior to 2000, the vast majority of genuinely-technical people knew it was 99.8% utter nonsense.

The massive tribe of pseudo-technical leeches who paid off their mortgages with it shook their heads in mock preparatory precaution for the "end times" and signed-up for courses as HTML developers and HR advisors, starting Easter 2000.

And the bewildered, trusting, uneducated masses of the world counted down the seconds to the 'horrifying armageddon' that occurred at midnight on 31 Dec 1999....yes, for all those redundant Project2000/Millennium Bug techies, it was absolutely terrible. They all had to go and get real(-er) jobs...
 

uair01

#20
The Pentagon intends to invest in domestic manufacturing to reduce its over-reliance on Chinese and other foreign-made parts in American weapons, top defense officials said Thursday.

The U.S. reliance on China is one of many areas discussed in a 146-page report about the health of the defense industrial base that President Trump is scheduled to release on Friday during an event at the White House.

“The assessment recognizes the global nature of our supply chains and really addresses the need for strengthening alliances and partnerships so that we can jointly address industrial base risk,” Ellen Lord, undersecretary for acquisition and sustainment, said Thursday evening during a briefing at the Pentagon.

Pentagon leaders will ask Congress for additional funding for mitigation efforts in its fiscal 2020 budget request to Congress early next year, defense officials said.

https://www.defenseone.com/business/2018/10/trump-wants-chinese-parts-out-american-weapons/151821/
 

Coal

#21
The Pentagon intends to invest in domestic manufacturing to reduce its over-reliance on Chinese and other foreign-made parts in American weapons, top defense officials said Thursday.

The U.S. reliance on China is one of many areas discussed in a 146-page report about the health of the defense industrial base that President Trump is scheduled to release on Friday during an event at the White House.

“The assessment recognizes the global nature of our supply chains and really addresses the need for strengthening alliances and partnerships so that we can jointly address industrial base risk,” Ellen Lord, undersecretary for acquisition and sustainment, said Thursday evening during a briefing at the Pentagon.

Pentagon leaders will ask Congress for additional funding for mitigation efforts in its fiscal 2020 budget request to Congress early next year, defense officials said.

https://www.defenseone.com/business/2018/10/trump-wants-chinese-parts-out-american-weapons/151821/
*sound of penny dropping*
 

uair01

#22
SupChina @supchinanews
Bloomberg's stories on Chinese hacking of U.S. hardware have been widely criticized in the cybersecurity community, and there's speculation that someone, perhaps in the U.S. government, is generating fake news to cast suspicion on China:
https://supchina.com/2018/10/16/explaining-the-controversy-around-bloombergs-big-hack-reporting/

The absence of evidence has led to speculation that someone, perhaps the U.S. government, is generating fake news to cast suspicion on China. After all, supply chain security is a hot topic. Over the past year, the U.S. has grown increasingly vocal in expressing its concern that allowing Chinese vendors to participate in 5G networks could lead to them being compromised with potential security backdoors. Still, there has been no smoking gun made public on Huawei and ZTE, the two leading Chinese firms developing 5G technology.
 

INT21

Justified & Ancient
Joined
Jul 18, 2016
Messages
4,760
Likes
3,284
Points
154
#23
Ermintruder,

...Omnibus...

Never mind the omnibus. It's what's patched onto the data bus that counts.

INT21
 

Ermintruder

#24
@INT21 No doubt you are noting the context of my use of the Latin word omnibus is in the broader original (pre public transport) meaning of 'everyone' (or at least a large sub-collective of substantiality) and conversely 'no-one' (id est 'neminem' in Latin, the largely-unadduced soubriquet of the quiet, shy and reserved Marshall Mathers III).

I'm unsure whether you're in shared agreement with the point being made that any such parasitic data monitoring (were it actual) could in principle be done in a much more integrated way than is being reported: not so much on the databus, but within it. Therefore no massive flag-waving grains of rice - more as being (one might say) sprites in the wires (since ghosts are already in their respective machines - we'd think)
 

AlchoPwn

Public Service is my Motto.
Joined
Nov 2, 2017
Messages
1,442
Likes
1,916
Points
154
#25
The ridiculous thing about putting such devices onto boards is that while they provide a back door into "enemy" systems, they also provide a back door into one's own systems. Now at best, the Chinese have only put those components on boards they manufacture for domestic and export use, thinking themselves having solved something, while actually merely making their goods un-exportable, and thus destroying their industry. At worst, they are using their components themselves and have dropped their pants entirely. It is a typical heavy-handed state-actor approach to a problem, designed by a committee no doubt.
 

INT21

#26
Ermintruder,

Putting the Latin to one side.

Yes, I agree that any spyware would be somewhere inside one of the chips.
So if you didn't know how to run search software that is able to find this, you won't ever know it is there.

Being somewhat cynical, I suspect that there are quite a number of chips that are engaged in work that isn't in your best interest.

It's a bit like VPN programs.

How do you know they are working? Or what the 'ghost' server is doing with your data.

INT21
 

markrkingston1

Ephemeral Spectre
Joined
Aug 4, 2007
Messages
415
Likes
293
Points
79
Location
London, England
#30
Just a thought though; if we're genuinely concerned about Chinese technology having some sort of sinister "back door" built in, which could compromise national and personal security, is it really a sensible idea to let the Chinese build the Hinkley Point nuclear reactor?
No, it's not sensible. MI5 or MI6, I forget which, warned that it was dangerous for national security.

And using Chinese vendors' hardware as central parts of one's national communications infrastructure is also very, very stupid. But it continues[1]. Why? Because it's cheap and convenient.

Humans are stupid. Cheapness and convenience wins out every time over safety, security, and resilience.



Footnote:-
1: Well, it looks like things might be slowly changing. At last. E.g. BT to remove Huawei equipment from its core 4G network: FT
 