Supermicro server motherboards with hardware backdoor?

Whether it turns out to be true or not, this will be the biggest 
security blockbuster of the decade.

<https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies>

Clifford Heath

On 10/05/18 00:29, Clifford Heath wrote:
> Whether it turns out to be true or not, this will be the biggest
> security blockbuster of the decade.
>
> <https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-

used-a-tiny-chip-to-infiltrate-america-s-top-companies>
>
>
> Clifford Heath

Couple of articles in The Register as well. Have said for years that
we should keep the Chinese at arms length for hi tech, as even if they
are not stealing the ip, they have more than enough reason to subvert
the designs for their own good and the intellect to implement it. All
good and furry on the outside, cheap manufacturing etc, but an
undemocratic police state at core, with an expansionist agenda.

More than ever, nations progress through advances in the sciences and
technology and it should be considered a national security asset.
Don't need a tinfoil hat to see that...

Chris

On a sunny day (Fri, 5 Oct 2018 09:29:55 +1000) it happened Clifford Heath
<no.spam@please.net> wrote in <WnxtD.55769$6y.40842@fx09.iad>:

>Whether it turns out to be true or not, this will be the biggest 
>security blockbuster of the decade.
>
><https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
>>
>
>Clifford Heath

Talk about politics, the news is full of 'China has done it'
'Russia has done it', all fake news originating from trumpesite infiltrated organizations.
Same here, Netherlands, gov echoing 'Russia bad ',
in the mean time the international court of justice in The Hague here is threatened by the war mongering US
as it it ordered that same US to end sanctions against Iran,
US industry and consumers are paying more an more for their home appliances and fuel,
large parts of US industry suffer under the tariffs imposed by that clueless reality show host posing as 'president',
and microsoft spy software is forced upon hardware sellers with modified BIOSes so it won't run anything else,
every Intel processor if full of security holes, same for the what's it on board chips.
Spy satellites look at what is on your plate, everything is listened to and recorded by same US and there slave states,
I wanted to write to nl.politics where are we now, let's make our own nukes and take over that silly club there in N America,
let's be great again.
Days of Piet Hein
 https://en.wikipedia.org/wiki/Piet_Pieterszoon_Hein

Don't be a US slave.

Respect Russia and China.
STAND UP!

pussies
hehe

On 05.10.2018 10:27, Jan Panteltje wrote:
> On a sunny day (Fri, 5 Oct 2018 09:29:55 +1000) it happened Clifford Heath
> <no.spam@please.net> wrote in <WnxtD.55769$6y.40842@fx09.iad>:
>
>> Whether it turns out to be true or not, this will be the biggest
>> security blockbuster of the decade.
>>
>> <https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
>>>
>>
>> Clifford Heath
>
> Talk about politics, the news is full of 'China has done it'
> 'Russia has done it', all fake news originating from trumpesite infiltrated organizations.
> Same here, Netherlands, gov echoing 'Russia bad ',
> in the mean time the international court of justice in The Hague here is threatened by the war mongering US
> as it it ordered that same US to end sanctions against Iran,
> US industry and consumers are paying more an more for their home appliances and fuel,
> large parts of US industry suffer under the tariffs imposed by that clueless reality show host posing as 'president',
> and microsoft spy software is forced upon hardware sellers with modified BIOSes so it won't run anything else,
> every Intel processor if full of security holes, same for the what's it on board chips.
> Spy satellites look at what is on your plate, everything is listened to and recorded by same US and there slave states,
> I wanted to write to nl.politics where are we now, let's make our own nukes and take over that silly club there in N America,
> let's be great again.
> Days of Piet Hein
>  https://en.wikipedia.org/wiki/Piet_Pieterszoon_Hein
>
> Don't be a US slave.
>
> Respect Russia and China.
> STAND UP!
>
> pussies
> hehe
>


It's interesting how a lot of political discussions are poorly 
understood psychology in a nutshell.

Presumably, you feel insecure because of the world politics, and you 
want nukes. But suppose you had nukes. Would that make you feel more secure?

I believe, that if the problem lies in some kind of a shared feeling of 
insecurity, then we don't need more nukes. We need more art, more 
culture, more things which make us happier.

Gene.

On a sunny day (Fri, 5 Oct 2018 11:12:22 +0300) it happened Gene Filatov
<evgeny.filatov@ieee.org> wrote in <I1FtD.273300$Vl2.204335@fx46.iad>:

>On 05.10.2018 10:27, Jan Panteltje wrote:
>> On a sunny day (Fri, 5 Oct 2018 09:29:55 +1000) it happened Clifford Heath
>> <no.spam@please.net> wrote in <WnxtD.55769$6y.40842@fx09.iad>:
>>
>>> Whether it turns out to be true or not, this will be the biggest
>>> security blockbuster of the decade.
>>>
>>>
>>> <https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
>>>>
>>>
>>> Clifford Heath
>>
>> Talk about politics, the news is full of 'China has done it'
>> 'Russia has done it', all fake news originating from trumpesite infiltrated organizations.
>> Same here, Netherlands, gov echoing 'Russia bad ',
>> in the mean time the international court of justice in The Hague here is threatened by the war mongering US
>> as it it ordered that same US to end sanctions against Iran,
>> US industry and consumers are paying more an more for their home appliances and fuel,
>> large parts of US industry suffer under the tariffs imposed by that clueless reality show host posing as 'president',
>> and microsoft spy software is forced upon hardware sellers with modified BIOSes so it won't run anything else,
>> every Intel processor if full of security holes, same for the what's it on board chips.
>> Spy satellites look at what is on your plate, everything is listened to and recorded by same US and there slave states,
>> I wanted to write to nl.politics where are we now, let's make our own nukes and take over that silly club there in N America,
>> let's be great again.
>> Days of Piet Hein
>>  https://en.wikipedia.org/wiki/Piet_Pieterszoon_Hein
>>
>> Don't be a US slave.
>>
>> Respect Russia and China.
>> STAND UP!
>>
>> pussies
>> hehe
>>
>
>
>It's interesting how a lot of political discussions are poorly 
>understood psychology in a nutshell.
>
>Presumably, you feel insecure because of the world politics, and you 
>want nukes. But suppose you had nukes. Would that make you feel more secure?
>
>I believe, that if the problem lies in some kind of a shared feeling of 
>insecurity, then we don't need more nukes. We need more art, more 
>culture, more things which make us happier.
>
>Gene.

Personally I believe in the right of the strongest [1].
US falling victim to decadence and stupidity snake oil, racism, climate change, 
the list is endless.
 

[1] That includes intellect to defeat the competition in evolution.
    Empires are being digged up and people wonder why those ended.

Same will happen in N 'merrica.
Already it is falling apart internally, all it takes is to march in there and free the people.

In comp.arch.embedded Clifford Heath <no.spam@please.net> wrote:
> Whether it turns out to be true or not, this will be the biggest 
> security blockbuster of the decade.
> 
> <https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies>

This is my analysis:
https://www.lightbluetouchpaper.org/2018/10/05/making-sense-of-the-supermicro-motherboard-attack/

Theo

On 10/05/2018 08:28 AM, Theo Markettos wrote:
> In comp.arch.embedded Clifford Heath <no.spam@please.net> wrote:
>> Whether it turns out to be true or not, this will be the biggest
>> security blockbuster of the decade.
>>
>> <https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies>
> 
> This is my analysis:
> https://www.lightbluetouchpaper.org/2018/10/05/making-sense-of-the-supermicro-motherboard-attack/
> 
> Theo
> 

Thanks for that write-up, but why do you find it more feasible that the 
firmware's being fetched across the network than that the interceptor 
chip simply has 32Mb of flash on it?  It seems like that additional 
network traffic at boot time would be a pretty recognizable signature.

-- 
Rob Gaddi, Highland Technology -- www.highlandtechnology.com
Email address domain is currently out of order.  See above to fix.

On Friday, October 5, 2018 at 11:28:27 AM UTC-4, Theo Markettos wrote:
> In comp.arch.embedded Clifford Heath <no.spam@please.net> wrote:
> > Whether it turns out to be true or not, this will be the biggest 
> > security blockbuster of the decade.
> > 
> > <https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies>
> 
> This is my analysis:
> https://www.lightbluetouchpaper.org/2018/10/05/making-sense-of-the-supermicro-motherboard-attack/
> 
> Theo

Very interesting. Thanks.

In comp.arch.embedded Rob Gaddi <rgaddi@highlandtechnology.invalid> wrote:
> Thanks for that write-up, but why do you find it more feasible that the 
> firmware's being fetched across the network than that the interceptor 
> chip simply has 32Mb of flash on it?  It seems like that additional 
> network traffic at boot time would be a pretty recognizable signature.

It is possible that the implant is simply replacing the existing QSPI flash,
but then a firmware update would either replace it, or the update checksum
would fail.  So it has to be something that keeps the original flash
functioning and tampers with it conditionally.

A regular SPI flash chip couldn't that.  A very basic flash edit (overdrive
the real data lines and force some bytes of config settings) could be done
in a CPLD - I didn't check what die sizes vendors have, but they can be
small.  An FPGA would likely be too big.

A full custom chip is also feasible, but in another league in terms of
costs.

Theo

On 05 Oct 2018 16:28:21 +0100 (BST), Theo Markettos
<theom+news@chiark.greenend.org.uk> wrote:

>In comp.arch.embedded Clifford Heath <no.spam@please.net> wrote:
>> Whether it turns out to be true or not, this will be the biggest 
>> security blockbuster of the decade.
>> 
>> <https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies>

>This is my analysis:
>https://www.lightbluetouchpaper.org/2018/10/05/making-sense-of-the-supermicro-motherboard-attack/
>Theo

Thanks.  Nicely thought out blog article.  I agree that putting the
chip on the SPI bus would be the ideal location.  I might add that is
would be possible to add microcode instructions to the CPU via the SPI
bus (depending on how the added chip is wired into the system). 

Some deficiencies and unanswered questions in the original Bloomberg
article:

1.  Since Bloomberg apparently has possession of several of these
mystery chips, why haven't anyone done an autopsy or xray analysis on
what's inside?  From the few photos, it looks like a resistor network.
<https://www.siricomindia.com/wp-content/uploads/2016/08/Chip-Resistor-array-300x300.jpg>

2.  If I wanted to compromise a server, it would much easier to add a
few more undocumented instructions to an existing chip, such as a bus
controller (which sees the entire data bus), than to add a new device
that might be detected by the production equipment that uses optical
comparators to detect missing, backwards, and misaligned components. A
white alumina or porcelain chip, among the usual brown ceramic chips,
would be easily visible.

3.  The photos of the mystery chip seems a little odd:
<https://assets.bwbx.io/images/users/iqjWHBFdfxIU/i9VdsjZLS_Pk/v1/-1x-1.jpg>
The solder pads on the sides of the chip look slightly oxidized and do
not look like anything that has been unsoldered by a hot air SMT
desoldering station, where the solder would be shiny and tends to
collect near the PCB side of the chip.

4.  What is a "signal conditioning coupler"? 
<http://www.samsungsem.com/global/product/passive-component/chip-resistor/array/index.jsp>
<https://hexus.net/media/uploaded/2018/10/eb42add4-0827-4831-b6c7-8409fb539eb1.jpg>

5.  With a PCB and chip in Bloomberg's possession, it would be fairly
easy to determine how it was connected into the server.  This should
have been done before announcing to the world that they had discovered
a spy chip, rather than discovering a capacitor or termination
resistor.

6.  There seems to be nearly zero demonstratable information on how
the chip could actually do something useful.  Plenty of theoretical
possibilities, but nothing that an SPI or serial bus analyzer couldn't
handle.

etc...

Not currently having the answers to these questions doesn't bother me.
The lack of anyone close to the source actually bothering to answer
them does bother me.

Sorry to be so vague but I've had a rotten day dealing with
Microsoft's October 2018 Windoze 10 update destroying customer data.
This has not been a good day.
<https://www.google.com/search?q=windows+10+update+erase+user+files&tbs=qdr:w>

-- 
Jeff Liebermann     jeffl@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558