Whether that probe continues is unknown, as is a full account of its findings. But as recently as 2018, the FBI enlisted private-sector help in analyzing Supermicro equipment that contained added chips, according to an adviser to two security firms that did the work.
Tests of Super Micro equipment find no malicious chips in current or older-model motherboards
Mike Quinn, a cybersecurity executive who served in senior roles at Cisco Systems Inc. and Microsoft Corp., said he was briefed about added chips on Supermicro motherboards by officials from the U.S. Air Force. Quinn was working for a company that was a potential bidder for Air Force contracts, and the officials wanted to ensure that any work would not include Supermicro equipment, he said. Bloomberg agreed not to specify when Quinn received the briefing or identify the company he was working for at the time.
Computer hardware maker Super Micro Computer Inc told customers on Tuesday that an outside investigations firm had found no evidence of any malicious hardware in its current or older-model motherboards.
Current and earlier models of Super Micro Computer (Supermicro) motherboards do not contain any harmful chips, according to an audit commissioned by the manufacturer after a Bloomberg report claimed that Chinese hackers had installed special microchips on Supermicro server motherboards used by the largest American companies in order to spy on them. This is stated[2] in a letter to customers signed by Supermicro CEO Charles Liang and other top managers of the company[3].
This morning Bloomberg is reporting a bombshell for hardware security. Companies like Amazon and Apple have found a malicious chip on their server motherboards. These are not counterfeit chips. They are not part of the motherboard design. These were added by the factory at the time of manufacture. The chip was placed among other signal conditioning components and is incredibly hard to spot as the nature of these motherboards includes hundreds of minuscule components.
>In an article today, it is alleged that Supermicro motherboards sold to certain customers contained malicious chips on its motherboards in 2015. Supermicro has never found any malicious chips, nor been informed by any customer that such chips have been found.
It was portrayed as a sensational supply chain hack: China subverted motherboards made by San Jose, California-based Supermicro, installing spying chips the size of rice grains and opening a door to remote espionage.
The BIOS finding allegedly inspired investigators to try to find other examples of possible manipulation of Supermicro's products. The FBI gained FISA warrants in 2012 to monitor people connected to Supermicro, which led to the alleged discovery of the much-contested malicious chips, Bloomberg reports.
The new Bloomberg report provides a load of unnamed sources and three named sources who say they were briefed on this development between 2014 and 2017. Crucially, however, Bloomberg writes that "no customer has acknowledged finding malicious chips on Supermicro motherboards," with executives apparently complaining that they were not provided with enough details on how to find the chips.
In the Bloomberg article, it is said that Amazon could find some activity only in their Chinese DC, which would match with contacting a local server. The Internet scenario seems a bit far-fetched. It might be possible, though, and that may have helped detect the malicious chip while conducting some tests with full internet access to the BMC.
1. In a follow-up story, Bloomberg outlined the software side of the hack. The Supermicro portal where customers would download official firmware was also hacked at the same time.
2. The hacked website was then used to deliver maliciously modified firmware onto Supermicro servers.
By targeting the surge sub-contractors the hacker could ensure that the malicious code in the firmware would only be triggered when installed on servers which were part of very large orders. This reduction in overall attack surface means that whatever the bad code was doing would be much harder to detect vs if it was just in the wild running on all Supermicro motherboards.
In order to get further down the trail, U.S. spy agencies drew on the prodigious tools at their disposal. They sifted through communications intercepts, tapped informants in Taiwan and China, even tracked key individuals through their phones, according to the person briefed on evidence gathered during the probe. Eventually, that person says, they traced the malicious chips to four subcontracting factories that had been building Supermicro motherboards for at least two years.
Gray or off-white in color, they looked more like signal conditioning couplers, another common motherboard component, than microchips, and so they were unlikely to be detectable without specialized equipment. Depending on the board model, the chips varied slightly in size, suggesting that the attackers had supplied different factories with different batches.
If the Bloomberg article is right, then the journalist had the wrong priority in going after clickbait/stock market moving Apple and Amazon. If 30 companies now had a massive pile of very expensive motherboards they really, really didn't want, with a problem that isn't exactly solved by a Supermicro warranty replacement, then one of the smaller companies would be happy to talk to journalists and share technical details, if not an actual motherboard for independent analysis.
Moreover, the original server motherboards are designed by an American company, Super Micro. However, the malicious chips had been inserted during the manufacturing processes in China. According to the report, the chips were found in servers used by the U.S. military, intelligence agencies, and tech companies including Apple and Amazon. -spies-on-the-u-s-companies-using-tiny-chips/ Can you imagine? This is another source on this case. Bloomberg also notes that Apple and Amazon detected chips on the server motherboards back in 2015. The incident was reported to the U.S. authorities. However, the companies deny the claims.
At the CS3sthlm security conference later this month, security researcher Monta Elkins will show how he created a proof-of-concept version of that hardware hack in his basement. He intends to demonstrate just how easily spies, criminals, or saboteurs with even minimal skills, working on a shoestring budget, can plant a chip in enterprise IT equipment to offer themselves stealthy backdoor access. (Full disclosure: I'll be speaking at the same conference, which paid for my travel and is providing copies of my forthcoming book to attendees.) With only a $150 hot-air soldering tool, a $40 microscope, and some $2 chips ordered online, Elkins was able to alter a Cisco firewall in a way that he says most IT admins likely wouldn't notice, yet would give a remote attacker deep control.
A bombshell report claims that China has been developing a massive spying operation for a few years that involved building hardware backdoors into critical server components with the help of microchips no bigger than a grain of rice or the tip of a sharpened pencil. Those chips, once placed on motherboards that go into popular servers, would be able to help Chinese spies access information that would otherwise be unavailable to them.
They [US spies] sifted through communications intercepts, tapped informants in Taiwan and China, even tracked critical individuals through their phones, according to the person briefed on evidence gathered during the probe. Eventually, that person says, they traced the malicious chips to four subcontracting factories that had been building Supermicro motherboards for at least two years.
TPM microchips are small devices known as secure cryptoprocessors. Some TPMs are virtual or firmware varieties but, as a chip, a TPM is attached to your motherboard during the build and designed to enhance hardware security during computer startup. A TPM has been a mandatory piece of tech on Windows machines since 2016, so machines older than this may not have the necessary hardware or firmware. Previously, Microsoft required original equipment manufacturers of all models built to run Windows 10 to ensure that the machines were TPM 1.2-capable. TPM 2.0 is the most recent version required.
The United Kingdom's National Cyber Security Centre has backed Apple's and Amazon's denials of a Bloomberg Businessweek report that claimed Chinese spies planted tiny chips the size of a pencil tip on motherboards manufactured by Supermicro, which both Apple and Amazon used at one time in data center servers.
The insiders cited in the report said in the summer of 2015, a few weeks after Apple identified the malicious chips, the company started removing all Supermicro servers from its data centers. Every one of the 7,000 or so Supermicro servers was replaced in a matter of weeks, according to one of the insiders.