Author Topic: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.  (Read 35358 times)


Offline Red Squirrel

  • Super Contributor
  • ***
  • Posts: 2452
  • Country: ca
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #75 on: October 05, 2018, 03:14:22 am »
Has anyone with Supermicro hardware been able to locate this chip?  What happens if you just desolder it?
 

Offline mtdoc

  • Super Contributor
  • ***
  • Posts: 3581
  • Country: us
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #76 on: October 05, 2018, 03:33:18 am »
Has anyone with Supermicro hardware been able to locate this chip?  What happens if you just desolder it?

That will be the key to confirming or debunking this story. Someone is going to have to come forward with one of these chips found on their hardware and have it subjected to public analysis to convince me this is real.  If anyone out there finds one, send it to Dave or Mike or Shahriar for analysis.
 

Offline EEVblog

  • Administrator
  • *****
  • Posts: 31232
  • Country: au
    • EEVblog
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #77 on: October 05, 2018, 03:39:13 am »
Has anyone with Supermicro hardware been able to locate this chip?  What happens if you just desolder it?

I have a SuperMicro server motherboard, but even if it did have the chip (unlikely I guess unless it's widespread across all models) with little to go on it would be hard to identify.

https://www.supermicro.com/products/motherboard/xeon/c600/x9dai.cfm
« Last Edit: October 05, 2018, 03:41:30 am by EEVblog »
 

Offline EEVblog

  • Administrator
  • *****
  • Posts: 31232
  • Country: au
    • EEVblog
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #78 on: October 05, 2018, 03:52:56 am »
The major parties have responded:
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond

Bloomberg got it wrong? Or CIA cover-up?  8)
 

Offline FrankBuss

  • Supporter
  • ****
  • Posts: 2314
  • Country: de
    • Frank Buss
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #79 on: October 05, 2018, 04:01:00 am »
The major parties have responded:
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond

Bloomberg got it wrong? Or CIA cover-up?  8)

Interesting to note, that China’s Ministry of Foreign Affairs didn't deny it, if it didn't get lost in translation.
So Long, and Thanks for All the Fish
Electronics, hiking, retro-computing, electronic music etc.: https://www.youtube.com/c/FrankBussProgrammer
 

Offline David Hess

  • Super Contributor
  • ***
  • Posts: 10930
  • Country: us
  • DavidH
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #80 on: October 05, 2018, 04:12:12 am »
None of the companies involved are going to want to publicly admit this happened.

What I read is that Supermicro contracts out board production and due to production limitations, production may be further contracted out which is where the compromised boards were produced.

This attack has been discussed in trade articles along with compromised firmware and compromised masks.  It is less expensive and easier to accomplish than a compromised mask but easier to detect.  Someone was bound to try it and I am surprised it took this long.
 

Offline MK14

  • Super Contributor
  • ***
  • Posts: 2355
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #81 on: October 05, 2018, 04:15:14 am »
This story, seems to be rapidly getting more and more complicated.

https://www.theregister.co.uk/2018/10/04/supermicro_bloomberg/?page=1

If the story turns out to be substantially true. I would be annoyed that we didn't hear about it in 2015. So potentially three years worth of data could have been compromised.

I still agree that the story is probably not really true and/or an exaggeration. As others, have pointed out in this thread.
 

Offline TimNJ

  • Frequent Contributor
  • **
  • Posts: 839
  • Country: us
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #82 on: October 05, 2018, 04:15:49 am »
Has anyone with Supermicro hardware been able to locate this chip?  What happens if you just desolder it?

That will be the key to confirming or debunking this story. Someone is going to have to come forward with one of these chips found on their hardware and have it subjected to public analysis to convince me this is real.  If anyone out there finds one, send it to Dave or Mike or Shahriar for analysis.

There are hi-res pictures on Twitter of the exact board with no suspicious/malicious chip installed. It's possible that only server boards headed to Apple, AWS, et al. got the special treatment. I'm sure an order from Apple warrants a standalone production run.

Boards purchased by every day people/smaller players might not have it, so there might not be proof unless one of the (supposedly) 30 companies steps forward.

« Last Edit: October 05, 2018, 04:20:09 am by TimNJ »
 

Offline donotdespisethesnake

  • Super Contributor
  • ***
  • Posts: 1088
  • Country: gb
  • Embedded stuff
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #83 on: October 05, 2018, 06:48:11 am »
I think the story is bullshit. Possibly someone has decided to stitch up Bloomberg with a "fake news" story.
Bob
"All you said is just a bunch of opinions."
 

Online bd139

  • Super Contributor
  • ***
  • Posts: 14577
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #84 on: October 05, 2018, 06:54:33 am »
Well I woke up this morning to three emails from a company having a total panic about this. Their IT guys only read the news on the way home from work, ate dinner, thought about it, then had a paddy at about midnight.

They don’t even have any Supermicro boxes.

I think the source and mission here has been very effective. Awaiting US political comment.

Also Bloomberg has puked out an opinion piece as well to stir discussion with a suitably facepalm title: https://www.bloomberg.com/view/articles/2018-10-04/computer-spies-hacked-reality

Today is going to be interesting for me. Not.
« Last Edit: October 05, 2018, 06:56:13 am by bd139 »
 

Online Zucca

  • Supporter
  • ****
  • Posts: 2581
  • Country: it
  • EE meid in Itali
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #85 on: October 05, 2018, 07:10:03 am »
My Italian grandma knew nothing about PC or cyber EE security.
She used to say: "Il diavolo fa le pentole ma non i coperchi".

http://smilingeggplant.blogspot.com/2010/05/italian-proverbs-il-diavolo-fa-le.html

So if you are doing something dishonest stop it, it's better for you and for the others.

Can't know what you don't love. St. Augustine
Can't love what you don't know. Zucca
 

Online borjam

  • Supporter
  • ****
  • Posts: 786
  • Country: es
  • EA2EKH
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #86 on: October 05, 2018, 10:28:51 am »
I think the source and mission here has been very effective. Awaiting US political comment.
I'm tending to agree with you. Doing the mental experiment of trying to pull that trick myself it gets more incredible by the minute. If that was possible it would be mostly limited to the IPMI/remote administration stuff. And with a properly filtered/isolated network it's unlikely that the machines could call home.

Unless, of course, plenty of infrastructure was already compromised years ago allowing for some invisible covert channel communications to take place.

In which case, anyway, it would be limited to extremely low bandwidth stuff suitable at most for critical infrastructure mapping (where did these servers manufactured in plant A or B go?) or even a kill switch. I am sure all of us have fantasized about a Pearl Harbor attack using embedded kill switches. I still doubt they would really achieve a "total" impact, so the risk of retaliation would be too high. And anyway how would the Chinese sustain their industry without us buying the stuff?

Quote
Also Bloomberg has puked out an opinion piece as well to stir discussion with a suitably facepalm title: https://www.bloomberg.com/view/articles/2018-10-04/computer-spies-hacked-reality

I really dispute some of the claims in this opinion piece. There are plenty of people with OS internals knowledge. It's blatantly obvious that both Apple and Amazon employ capable staff because, well, Apple is an OS vendor and Amazon has done a lot of development for their cloud services. Moreover, if you tinker with OS internals *and* drivers you need some level of hardware knowledge. There's the minor detail that Apple designs and manufactures hardware and I guess Amazon has custom designs as well.

And with the complexity of current hardware, just stare at a component and you will make it crash. Adding stuff?   :palm:

Of course I wouldn't rule out a really stupid real world feasibility test by actually compromising a bunch of servers. But still...

And yes, I know of that old Minix OS running inside some CPUs. But, does that thing really have access to the Ethernet interface while an OS driver is operating? Only during system boot before the OS is loaded?
 

Online srce

  • Regular Contributor
  • *
  • Posts: 132
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #87 on: October 05, 2018, 11:17:25 am »
That article reeks of bullshit and FUD to me.
Unfortunately written by someone who doesn't understand the tech, losing any details that might be informative.
Something inline with SPI flash is about the only thing I can guess based on the sparse info there, maybe even just disabling any write protection.

Though one detail was mentioned: "The illicit chips could do all this because they were connected to the baseboard management controller".  I find it plausible that they attacked WPCM450 and did it by putting their spy chip on SMBus.
It certainly seems feasible (even if it didn't actually happen). The IPMI architecture provides access to both the NIC + system memory. I don't see why you couldn't have something on either the I2C or SPI busses monitoring / modifying data.

 

Offline funkyant

  • Supporter
  • ****
  • Posts: 125
  • Country: au
    • YouTube Channel
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #88 on: October 05, 2018, 11:25:28 am »
Let's apply Ockham here. Which is more likely:

1) China try a high cost, high probability of detection, low probability of success, exploit of limited applicability.

2) In a political climate of 'post truth' someone who wants to provoke a trade war with China 'leaks' propaganda. Everybody else (FBI, DNI, Apple, Amazon etc.) who ought to know about it denies that there is any veracity to it, including people who have the clout to tell the truth and damn anyone who tries to shut them up.

In the absence of verifiable evidence of this exploit, I think Ockham tends towards (2).

The interesting thing about Occam's Razor is that it's only ever introduced into an argument when there is no evidence.

I tend to agree with others here. This is probably fake news. But we can only guess until we know more facts.
 

Online BravoV

  • Super Contributor
  • ***
  • Posts: 6767
  • Country: 00
  • +++ ATH1
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #89 on: October 05, 2018, 12:08:59 pm »
But we can only guess until we know more facts.

No guessing needed, hard fact and fact only, it's not that hard, especially in this community.

Watch how big names were mentioned deliberately, instead down to earth exposure of the hardware porn, or fragments of codes that are the culprits.

Offline MK14

  • Super Contributor
  • ***
  • Posts: 2355
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #90 on: October 05, 2018, 12:26:35 pm »
I'm not sure that this "story", adds up, in my mind.

Because the journalist(s), who released the "story", seem to be claiming, the main evidence comes from Amazon, Apple and SuperMicro.
Yet, Amazon, Apple and SuperMicro all strongly claim the story is nonsense.

The journalist(s), explanation of why, Amazon, Apple and SuperMicro all deny the story, is because (they are hinting), the US Trump Administration has gagged them.

But, if the US Trump Administration has gagged them, why have the journalist(s), been allowed to release the story.

tl;dr
This story sounds very fishy and doesn't seem to add up.

I get, very suspicious of the US Trump Administration. Especially as regards, honesty and integrity.

Recently, Trump has been VERY aggressive against China, at the UN and with Trump's massive trade war with China.
This makes me very suspicious the story is false (or exaggerated or something).

Where is the real evidence (i.e. hardware) ?
Let's see these spy chips and let independent organisation(s), investigate them and publish the results.
 

Online BravoV

  • Super Contributor
  • ***
  • Posts: 6767
  • Country: 00
  • +++ ATH1
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #91 on: October 05, 2018, 01:08:24 pm »
This story sounds very fishy and doesn't seem to add up.

I get, very suspicious of the US Trump Administration. Especially as regards, honesty and integrity.

Recently, Trump has been VERY aggressive against China, at the UN and with Trump's massive trade war with China.
This makes me very suspicious the story is false (or exaggerated or something).

Where is the real evidence (i.e. hardware) ?
Let's see these spy chips and let independent organisation(s), investigate them and publish the results.

One word ... S-400.



Fact and fact only ..

- Turkey, look what happened recently, when they were bullied using currency weapon.

- India, it's just matter of time, news similar like this one pops out like popcorn say on topics like Indian IT business used by Westerner, Indian people that work as top officials at large technology companies and etc, if India keeps the "naughtiness" like keep pursuing this kind of activities -> HERE or HERE ...  :-DD

- China , it's obvious, and with the recent addition for S-400 delivered by Russia, it's just like pouring fuel in the fire ..  >:D

.. so on.
« Last Edit: October 05, 2018, 01:12:14 pm by BravoV »
 
The following users thanked this post: MK14

Offline MK14

  • Super Contributor
  • ***
  • Posts: 2355
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #92 on: October 05, 2018, 01:28:23 pm »
- China , it's obvious, and with the recent addition for S-400 delivered by Russia, it's just like pouring fuel in the fire ..  >:D

.. so on.

If what you seem to be hinting/thinking/suggesting, is right. Then we are moving to a partly (as it has probably been done, lots of times before), new era, where the US (Trump Administration), creates bogus fake-news. Just to hurt countries/companies/individuals which it dislikes and/or wants to penalize.

If that is the case, it is sad times ahead.

The old saying, goes something like "The first casualty of war is the TRUTH".
Hopefully, we are just talking about "COLD" wars.
« Last Edit: October 05, 2018, 01:31:27 pm by MK14 »
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9063
  • Country: 00
  • Display aficionado
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #93 on: October 05, 2018, 01:28:34 pm »
The plot thickens. Apparently an ftp server of Supermicro got hacked a while back and served infected firmware. This was the reason Apple stopped working with Supermicro, according to Apple. Reports are that they initially denied any of this happening back then. Maybe their gag order ran out after a while?

https://www.macrumors.com/2017/02/23/apple-ends-relationship-with-super-micro/
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9063
  • Country: 00
  • Display aficionado
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #94 on: October 05, 2018, 01:29:55 pm »
If what you seem to be hinting/thinking/suggesting, is right. Then we are moving to a partly (as it has probably been done, lots of times before), new era, where the US (Trump Administration), creates bogus fake-news. Just to hurt countries/companies/individuals which it dislikes and/or wants to hurt.

If that is the case, it is sad times ahead.

The old saying, goes something like "The first casualty of war is the TRUTH".
I think many countries in the recent and more distant past have done this. It's nothing new.
 
The following users thanked this post: mtdoc, MK14

Offline MK14

  • Super Contributor
  • ***
  • Posts: 2355
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #95 on: October 05, 2018, 01:36:41 pm »
I think many countries in the recent and more distant past have done this. It's nothing new.

Yes, that is true.
But in the case of many countries, such as the UK.
It is only in times of actual war (e.g. world war 2), or when they are at war with another country. That the hypothetical department of misinformation, comes rolling into action.

But I agree, that political systems, including the UK. Seem to sometimes come up with "stories", to apparently manipulate things. Such as Brexit and the EU.
The "stories", are usually basically true. But the timing and creation/release of the story at just the **right/**wrong time, seems to be more than just a coincidence!

**=right time for the political party, initiating the news, and wrong time for the people the news is about.
« Last Edit: October 05, 2018, 01:43:27 pm by MK14 »
 

Online BravoV

  • Super Contributor
  • ***
  • Posts: 6767
  • Country: 00
  • +++ ATH1
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #96 on: October 05, 2018, 01:43:18 pm »
- China , it's obvious, and with the recent addition for S-400 delivered by Russia, it's just like pouring fuel in the fire ..  >:D

.. so on.

If what you seem to be hinting/thinking/suggesting, is right. Then we are moving to a partly (as it has probably been done, lots of times before), new era, where the US (Trump Administration), creates bogus fake-news. Just to hurt countries/companies/individuals which it dislikes and/or wants to penalize.

If that is the case, it is sad times ahead.

The old saying, goes something like "The first casualty of war is the TRUTH".
Hopefully, we are just talking about "COLD" wars.

As I don't have crystal ball, gut feeling telling me this time, the "new era" is emerging, and will be shaped totally as different animal, from what we've seen/experienced in the past at the previous cold war.

All my kids are grown ups, just my 2 cents, for those with young kids, interesting time ahead, think & plan wisely what are you planning for them if you care & love them.
 
The following users thanked this post: MK14

Online bd139

  • Super Contributor
  • ***
  • Posts: 14577
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #97 on: October 05, 2018, 01:45:18 pm »
I think many countries in the recent and more distant past have done this. It's nothing new.

Yes, that is true.
But in the case of many countries, such as the UK.
It is only in times of actual war (e.g. world war 2), or when they are at war with another country. That the hypothetical department of misinformation, comes rolling into action.

But I agree, that political systems, including the UK. Seem to sometimes come up with "stories", to apparently manipulate things. Such as Brexit and the EU.
The "stories", are usually basically true. But the timing and creation/release of the story at just the **right/**wrong time, seems to be more than just a coincidence!

**=right time for the political party, initiating the news, and wrong time for the people the news is about.

Actually it's more complicated than this.

Tell a lie out loud in a sector where people are easily misled (tabloids), print an apology / rebuttal in small print somewhere else down the line.

People still remember the initial story.
 
The following users thanked this post: MK14

Offline madires

  • Super Contributor
  • ***
  • Posts: 5110
  • Country: de
  • A qualified hobbyist ;)
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #98 on: October 05, 2018, 01:50:18 pm »
My take on this is that Amazon and the others deny the existence of a spy chip because it would harm their cloud business (under the assumption the spy chip is real). Who would use compromised servers? It would be a disaster, worse than Meltdown and Spectre.

Is there a spy chip? To be able to extract valuable data you would need access to the CPU and/or RAM. That requires a large chip with a lot of bus lines. Too obvious! Tapping the onboard Ethernet? 10GBase-whatever makes that hard too. What about the integrated remote management? It's low speed, but no sane person would connect the management ports to the Internet. The most likely approach is to modify the UEFI, i.e. adding the spy tool and starting it before the OS gets loaded (requires also some tweaking of SecureBoot).
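
The check that the modified-UEFI scenario in the post above calls for, as an added example that is not part of the original thread: compare a flash dump read from the board against the vendor's reference image and report any changed ranges outside the areas that legitimately differ per machine. The region layout, block size and sample images are constructed for illustration and do not describe any real Supermicro firmware.

```python
import hashlib

BLOCK = 4096  # assumed reporting granularity (a common SPI NOR sector size)

# Hypothetical layout: (name, start, end) ranges that legitimately differ per
# board, e.g. a variable store with settings. Assumed to be block-aligned.
VOLATILE_REGIONS = [("nvram", 0x2000, 0x3000)]


def region_for(offset, regions):
    """Return the name of the volatile region containing offset, or None."""
    for name, start, end in regions:
        if start <= offset < end:
            return name
    return None


def diff_images(reference, dump, regions=VOLATILE_REGIONS, block=BLOCK):
    """Compare a flash dump with a reference image block by block.

    Returns (start, end, sha256_of_dump_range) for each run of consecutive
    differing blocks that lies outside the volatile regions.
    """
    if len(reference) != len(dump):
        raise ValueError("image sizes differ: %d vs %d" % (len(reference), len(dump)))
    findings = []
    run_start = None
    for off in range(0, len(dump), block):
        changed = reference[off:off + block] != dump[off:off + block]
        expected = region_for(off, regions) is not None
        if changed and not expected:
            if run_start is None:
                run_start = off          # open a new run of suspicious blocks
        elif run_start is not None:
            digest = hashlib.sha256(dump[run_start:off]).hexdigest()
            findings.append((run_start, off, digest))
            run_start = None
    if run_start is not None:            # run reaches the end of the image
        digest = hashlib.sha256(dump[run_start:]).hexdigest()
        findings.append((run_start, len(dump), digest))
    return findings


def make_sample():
    """Build a constructed 32 KiB reference image and a dump with changes."""
    reference = bytes((i * 7) & 0xFF for i in range(8 * BLOCK))
    dump = bytearray(reference)
    dump[0x2010:0x2014] = b"\x01\x02\x03\x04"  # settings change in nvram: expected
    dump[0x5000:0x5008] = b"INJECTED"          # code-region change, block 5
    dump[0x6000:0x6008] = b"INJECTED"          # code-region change, block 6
    return reference, bytes(dump)


if __name__ == "__main__":
    ref, dmp = make_sample()
    for start, end, digest in diff_images(ref, dmp):
        print("unexpected change 0x%06x-0x%06x sha256=%s" % (start, end, digest[:16]))
```

This only covers flash contents at rest. A part sitting on the SPI or I2C bus and altering data in flight, as suggested earlier in the thread, would leave the dump identical to the reference.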
 

Offline MK14

  • Super Contributor
  • ***
  • Posts: 2355
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #99 on: October 05, 2018, 01:52:14 pm »
Actually it's more complicated than this.

Tell a lie out loud in a sector where people are easily misled (tabloids), print an apology / rebuttal in small print somewhere else down the line.

People still remember the initial story.

Good point.

I think there is no way, this story can be retracted now. However much it is proven to be false (assuming it is false).

The seeds of doubt, in the integrity/security of computer systems, and security risks of getting stuff made in China and/or Chinese electronic components. Has already been put into people's minds.

Because of the way technical stories like this propagate. I imagine the general public will soon think it applies to ALL PCs, and even tablets and mobile phones.
 

