Supermicro server motherboards with hardware backdoor?

Started by Clifford Heath October 4, 2018
Whether it turns out to be true or not, this will be the biggest 
security blockbuster of the decade.

<https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies>

Clifford Heath
On 10/05/18 00:29, Clifford Heath wrote:
> Whether it turns out to be true or not, this will be the biggest
> security blockbuster of the decade.
>
> <https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies>
>
> Clifford Heath

Couple of articles in The Register as well.

Have said for years that we should keep the Chinese at arm's length for hi tech, as even if they are not stealing the IP, they have more than enough reason to subvert the designs for their own good and the intellect to implement it. All good and furry on the outside, cheap manufacturing etc, but an undemocratic police state at core, with an expansionist agenda.

More than ever, nations progress through advances in the sciences and technology and it should be considered a national security asset. Don't need a tinfoil hat to see that...

Chris
On a sunny day (Fri, 5 Oct 2018 09:29:55 +1000) it happened Clifford Heath
<no.spam@please.net> wrote in <WnxtD.55769$6y.40842@fx09.iad>:

>Whether it turns out to be true or not, this will be the biggest
>security blockbuster of the decade.
>
><https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies>
>
>Clifford Heath

Talk about politics, the news is full of 'China has done it'
'Russia has done it', all fake news originating from trumpesite infiltrated organizations.
Same here, Netherlands, gov echoing 'Russia bad',
in the meantime the international court of justice in The Hague here is threatened by the war mongering US
as it ordered that same US to end sanctions against Iran,
US industry and consumers are paying more and more for their home appliances and fuel,
large parts of US industry suffer under the tariffs imposed by that clueless reality show host posing as 'president',
and Microsoft spy software is forced upon hardware sellers with modified BIOSes so it won't run anything else,
every Intel processor is full of security holes, same for the what's it on board chips.
Spy satellites look at what is on your plate, everything is listened to and recorded by same US and their slave states,
I wanted to write to nl.politics where are we now, let's make our own nukes and take over that silly club there in N America,
let's be great again.
Days of Piet Hein
https://en.wikipedia.org/wiki/Piet_Pieterszoon_Hein

Don't be a US slave.

Respect Russia and China.
STAND UP!

pussies
hehe
On 05.10.2018 10:27, Jan Panteltje wrote:
> On a sunny day (Fri, 5 Oct 2018 09:29:55 +1000) it happened Clifford Heath
> <no.spam@please.net> wrote in <WnxtD.55769$6y.40842@fx09.iad>:
>
>> Whether it turns out to be true or not, this will be the biggest
>> security blockbuster of the decade.
>>
>> <https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies>
>>
>> Clifford Heath
>
> Talk about politics, the news is full of 'China has done it'
> 'Russia has done it', all fake news originating from trumpesite infiltrated organizations.
> Same here, Netherlands, gov echoing 'Russia bad',
> in the meantime the international court of justice in The Hague here is threatened by the war mongering US
> as it ordered that same US to end sanctions against Iran,
> US industry and consumers are paying more and more for their home appliances and fuel,
> large parts of US industry suffer under the tariffs imposed by that clueless reality show host posing as 'president',
> and Microsoft spy software is forced upon hardware sellers with modified BIOSes so it won't run anything else,
> every Intel processor is full of security holes, same for the what's it on board chips.
> Spy satellites look at what is on your plate, everything is listened to and recorded by same US and their slave states,
> I wanted to write to nl.politics where are we now, let's make our own nukes and take over that silly club there in N America,
> let's be great again.
> Days of Piet Hein
> https://en.wikipedia.org/wiki/Piet_Pieterszoon_Hein
>
> Don't be a US slave.
>
> Respect Russia and China.
> STAND UP!
>
> pussies
> hehe

It's interesting how a lot of political discussions are poorly understood psychology in a nutshell.

Presumably, you feel insecure because of the world politics, and you want nukes. But suppose you had nukes. Would that make you feel more secure?

I believe, that if the problem lies in some kind of a shared feeling of insecurity, then we don't need more nukes. We need more art, more culture, more things which make us happier.

Gene.
On a sunny day (Fri, 5 Oct 2018 11:12:22 +0300) it happened Gene Filatov
<evgeny.filatov@ieee.org> wrote in <I1FtD.273300$Vl2.204335@fx46.iad>:

>On 05.10.2018 10:27, Jan Panteltje wrote:
>> On a sunny day (Fri, 5 Oct 2018 09:29:55 +1000) it happened Clifford Heath
>> <no.spam@please.net> wrote in <WnxtD.55769$6y.40842@fx09.iad>:
>>
>>> Whether it turns out to be true or not, this will be the biggest
>>> security blockbuster of the decade.
>>>
>>> <https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies>
>>>
>>> Clifford Heath
>>
>> Talk about politics, the news is full of 'China has done it'
>> 'Russia has done it', all fake news originating from trumpesite infiltrated organizations.
>> Same here, Netherlands, gov echoing 'Russia bad',
>> in the meantime the international court of justice in The Hague here is threatened by the war mongering US
>> as it ordered that same US to end sanctions against Iran,
>> US industry and consumers are paying more and more for their home appliances and fuel,
>> large parts of US industry suffer under the tariffs imposed by that clueless reality show host posing as 'president',
>> and Microsoft spy software is forced upon hardware sellers with modified BIOSes so it won't run anything else,
>> every Intel processor is full of security holes, same for the what's it on board chips.
>> Spy satellites look at what is on your plate, everything is listened to and recorded by same US and their slave states,
>> I wanted to write to nl.politics where are we now, let's make our own nukes and take over that silly club there in N America,
>> let's be great again.
>> Days of Piet Hein
>> https://en.wikipedia.org/wiki/Piet_Pieterszoon_Hein
>>
>> Don't be a US slave.
>>
>> Respect Russia and China.
>> STAND UP!
>>
>> pussies
>> hehe
>
>It's interesting how a lot of political discussions are poorly
>understood psychology in a nutshell.
>
>Presumably, you feel insecure because of the world politics, and you
>want nukes. But suppose you had nukes. Would that make you feel more secure?
>
>I believe, that if the problem lies in some kind of a shared feeling of
>insecurity, then we don't need more nukes. We need more art, more
>culture, more things which make us happier.
>
>Gene.

Personally I believe in the right of the strongest [1].
US falling victim to decadence and stupidity snake oil, racism, climate change, the list is endless.

[1] That includes intellect to defeat the competition in evolution.

Empires are being dug up and people wonder why those ended.
Same will happen in N 'merrica.
Already it is falling apart internally, all it takes is to march in there and free the people.
In comp.arch.embedded Clifford Heath <no.spam@please.net> wrote:
> Whether it turns out to be true or not, this will be the biggest
> security blockbuster of the decade.
>
> <https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies>

This is my analysis:

https://www.lightbluetouchpaper.org/2018/10/05/making-sense-of-the-supermicro-motherboard-attack/

Theo
On 10/05/2018 08:28 AM, Theo Markettos wrote:
> In comp.arch.embedded Clifford Heath <no.spam@please.net> wrote:
>> Whether it turns out to be true or not, this will be the biggest
>> security blockbuster of the decade.
>>
>> <https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies>
>
> This is my analysis:
>
> https://www.lightbluetouchpaper.org/2018/10/05/making-sense-of-the-supermicro-motherboard-attack/
>
> Theo

Thanks for that write-up, but why do you find it more feasible that the firmware's being fetched across the network than that the interceptor chip simply has 32Mb of flash on it? It seems like that additional network traffic at boot time would be a pretty recognizable signature.

--
Rob Gaddi, Highland Technology -- www.highlandtechnology.com
Email address domain is currently out of order. See above to fix.
On Friday, October 5, 2018 at 11:28:27 AM UTC-4, Theo Markettos wrote:
> In comp.arch.embedded Clifford Heath <no.spam@please.net> wrote:
> > Whether it turns out to be true or not, this will be the biggest
> > security blockbuster of the decade.
> >
> > <https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies>
>
> This is my analysis:
>
> https://www.lightbluetouchpaper.org/2018/10/05/making-sense-of-the-supermicro-motherboard-attack/
>
> Theo

Very interesting. Thanks.
In comp.arch.embedded Rob Gaddi <rgaddi@highlandtechnology.invalid> wrote:
> Thanks for that write-up, but why do you find it more feasible that the
> firmware's being fetched across the network than that the interceptor
> chip simply has 32Mb of flash on it? It seems like that additional
> network traffic at boot time would be a pretty recognizable signature.

It is possible that the implant is simply replacing the existing QSPI flash, but then a firmware update would either replace it, or the update checksum would fail. So it has to be something that keeps the original flash functioning and tampers with it conditionally. A regular SPI flash chip couldn't do that.

A very basic flash edit (overdrive the real data lines and force some bytes of config settings) could be done in a CPLD - I didn't check what die sizes vendors have, but they can be small. An FPGA would likely be too big. A full custom chip is also feasible, but in another league in terms of costs.

Theo
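The reply above describes tampering that leaves the real flash intact, so an update checksum or a dump of the chip on its own would still look clean. As an added example (not from the thread or from any poster), this sketch compares a chip dump and the bytes as seen on the bus against a vendor image and lists the byte ranges that differ; the function names and sample images are constructed, and it assumes the bus traffic can be captured at all.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def differing_ranges(reference: bytes, observed: bytes, merge_gap: int = 4):
    """Byte ranges (start, end_exclusive) where observed differs from reference.

    Differences separated by fewer than merge_gap matching bytes are reported
    as one range, so a patched config field shows up as a single hit.
    """
    if len(reference) != len(observed):
        raise ValueError("images must be the same length")
    ranges = []
    for off, (ref_byte, obs_byte) in enumerate(zip(reference, observed)):
        if ref_byte == obs_byte:
            continue
        if ranges and off - ranges[-1][1] < merge_gap:
            ranges[-1][1] = off + 1      # extend the current range
        else:
            ranges.append([off, off + 1])
    return [tuple(r) for r in ranges]

def audit(reference: bytes, chip_dump: bytes, bus_capture: bytes) -> dict:
    """Compare the isolated-chip dump and the on-bus view with the vendor image."""
    return {
        "chip_matches_vendor": sha256(chip_dump) == sha256(reference),
        "bus_matches_vendor": sha256(bus_capture) == sha256(reference),
        "tampered_ranges": differing_ranges(reference, bus_capture),
    }

# Constructed sample data (not real firmware): a 4 KiB "vendor image", an
# identical dump read from the chip, and a bus capture with a few bytes forced.
REFERENCE = bytes((i * 7 + 3) % 251 for i in range(4096))
CHIP_DUMP = bytes(REFERENCE)
_bus = bytearray(REFERENCE)
for _off in (0x200, 0x201, 0x202, 0x203, 0x206, 0x800):
    _bus[_off] ^= 0xFF                   # XOR guarantees the byte changes
BUS_CAPTURE = bytes(_bus)

if __name__ == "__main__":
    report = audit(REFERENCE, CHIP_DUMP, BUS_CAPTURE)
    print("chip dump matches vendor image:", report["chip_matches_vendor"])
    print("bus view matches vendor image: ", report["bus_matches_vendor"])
    for start, end in report["tampered_ranges"]:
        print(f"  bytes differ at 0x{start:04x}-0x{end - 1:04x}")
```

A clean chip dump combined with a differing bus view is the pattern the conditional-tampering hypothesis predicts; the per-byte loop is fine for a sketch but slow on a full-size image.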
On 05 Oct 2018 16:28:21 +0100 (BST), Theo Markettos
<theom+news@chiark.greenend.org.uk> wrote:

>In comp.arch.embedded Clifford Heath <no.spam@please.net> wrote:
>> Whether it turns out to be true or not, this will be the biggest
>> security blockbuster of the decade.
>>
>> <https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies>

>This is my analysis:
>https://www.lightbluetouchpaper.org/2018/10/05/making-sense-of-the-supermicro-motherboard-attack/
>Theo

Thanks. Nicely thought out blog article. I agree that putting the chip on the SPI bus would be the ideal location. I might add that it would be possible to add microcode instructions to the CPU via the SPI bus (depending on how the added chip is wired into the system).

Some deficiencies and unanswered questions in the original Bloomberg article:

1. Since Bloomberg apparently has possession of several of these mystery chips, why hasn't anyone done an autopsy or xray analysis on what's inside? From the few photos, it looks like a resistor network.
<https://www.siricomindia.com/wp-content/uploads/2016/08/Chip-Resistor-array-300x300.jpg>

2. If I wanted to compromise a server, it would be much easier to add a few more undocumented instructions to an existing chip, such as a bus controller (which sees the entire data bus), than to add a new device that might be detected by the production equipment that uses optical comparators to detect missing, backwards, and misaligned components. A white alumina or porcelain chip, among the usual brown ceramic chips, would be easily visible.

3. The photos of the mystery chip seem a little odd:
<https://assets.bwbx.io/images/users/iqjWHBFdfxIU/i9VdsjZLS_Pk/v1/-1x-1.jpg>
The solder pads on the sides of the chip look slightly oxidized and do not look like anything that has been unsoldered by a hot air SMT desoldering station, where the solder would be shiny and tends to collect near the PCB side of the chip.

4. What is a "signal conditioning coupler"?
<http://www.samsungsem.com/global/product/passive-component/chip-resistor/array/index.jsp>
<https://hexus.net/media/uploaded/2018/10/eb42add4-0827-4831-b6c7-8409fb539eb1.jpg>

5. With a PCB and chip in Bloomberg's possession, it would be fairly easy to determine how it was connected into the server. This should have been done before announcing to the world that they had discovered a spy chip, rather than discovering a capacitor or termination resistor.

6. There seems to be nearly zero demonstrable information on how the chip could actually do something useful. Plenty of theoretical possibilities, but nothing that an SPI or serial bus analyzer couldn't handle.

etc...

Not currently having the answers to these questions doesn't bother me. The lack of anyone close to the source actually bothering to answer them does bother me.

Sorry to be so vague but I've had a rotten day dealing with Microsoft's October 2018 Windoze 10 update destroying customer data. This has not been a good day.
<https://www.google.com/search?q=windows+10+update+erase+user+files&tbs=qdr:w>

--
Jeff Liebermann     jeffl@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558