Chinese military spy chips reportedly found in server motherboards used by Apple, Amazon, etc

GasBandit

Staff member
Reactions
2,231 473 9
#1
Reactions
970 248 10
#2
It's not impossible, but of course without actual evidence it's harder to make the assertion.
There are some who are wondering if this hasn't been conflated with cases of Supermicro boards coming with malware-infested firmware installed, rather than actual embedded spy hardware.
I've been waiting for someone to start the "How can we trust boards manufactured by our enemies?" train rolling, maybe this will be it.
...assuming this isn't just propaganda to get everyone all riled up over Chinese manufacturing, that is.

You know who's really going to suffer for this? Supermicro.

--Patrick
 
Reactions
347 151 0
#3
This isn't another smokescreen to cover up the announcement that there's yet another un-announced capability in Intel's Management Engine Enabled chips which can allow outside access to your CPU, is it? Because I haven't seen anything in mainstream media yet about "manufacturing mode," but it's starting to leak out that Apple shipped at least some of their laptops with MM enabled, and concerns that there's no way to disable it once the device makes it to the end-user.
 
Reactions
970 248 10
#5
This isn't another smokescreen to cover up the announcement that there's yet another un-announced capability in Intel's Management Engine Enabled chips which can allow outside access to your CPU, is it?
No, the assertion is that actual spy ICs were substituted/added/embedded on boards during the actual manufacturing process, not after they left the factory (which suggests state-level involvement).
it's starting to leak out that Apple shipped at least some of their laptops with MM enabled, and concerns that there's no way to disable it once the device makes it to the end-user.
Huh, didn't even know about this. Looks like it was one of the things patched in 10.13.5, though (released June 2018).

--Patrick
 
Reactions
347 151 0
#6
No, the assertion is that actual spy ICs were substituted/added/embedded on boards during the actual manufacturing process, not after they left the factory (which suggests state-level involvement).

--Patrick
I know, I read Bloomberg fear piece - I was more talking about how whenever either Meltdown or Spectre was announced, immediately someone else struck back with "but what about these 6 vulnerabilities in AMD chips?"
 
Reactions
970 248 10
#8
Bloomberg: Unnamed US Telecom company also victim of hacked Supermicro motherboards
Bloomberg didn't name the company, citing a non-disclosure agreement between the unnamed telecom and the security firm it hired to scan its data centers. AT&T, Sprint and T-Mobile all told Ars they weren't the telecom mentioned in the Bloomberg post. Verizon and CenturyLink also denied finding backdoored Supermicro hardware in their datacenter
(Quote source)

Bloomberg: “We can’t name which one it is and we’re the only ones talking about this but trust us, it’s real.”

...did someone at Bloomberg short Supermicro stock hard, or what?

—Patrick
 
Last edited:
Top