Author Topic: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.  (Read 36028 times)


Offline VK3DRB

  • Super Contributor
  • ***
  • Posts: 1737
  • Country: au
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #100 on: October 05, 2018, 01:53:14 pm »
Whether it is true or not about the fake capacitor, we all know Chinese communist government is the world's biggest crime syndicate.

For a start, the free world needs to confiscate all foreign properties, securities and loot smuggled abroad by the members and the families of the Central Committee of the Chinese Communist Party. The billions of dollars can be used to help pay some of the damage to western companies caused by China's rampant and shameless IP theft. 
 

Offline TimNJ

  • Frequent Contributor
  • **
  • Posts: 859
  • Country: us
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #101 on: October 05, 2018, 02:01:53 pm »
The plot thickens. Apparently an ftp server of Supermicro got hacked a while back and served infected firmware. This was the reason Apple stopped working with Supermicro, according to Apple. Reports are that they initially denied any of this happening back then. Maybe their gag order ran out after a while?

https://www.macrumors.com/2017/02/23/apple-ends-relationship-with-super-micro/

Really? Drop an entire vendor because one lab machine had infected firmware? And then deny that there was a security incident? And then come back and admit that they did find bad firmware?

I don't think we can really trust Apple at this point. If true, they'll deny this to the grave.

When you discover a security breach, why tell your shareholders when you can also not tell your shareholders?
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 14925
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #102 on: October 05, 2018, 02:10:21 pm »
Whether it is true or not about the fake capacitor, we all know Chinese communist government is the world's biggest crime syndicate.

For a start, the free world needs to confiscate all foreign properties, securities and loot smuggled abroad by the members and the families of the Central Committee of the Chinese Communist Party. The billions of dollars can be used to help pay some of the damage to western companies caused by China's rampant and shameless IP theft. 

Let's not blanket blame China here yet or start pointing fingers. Chinese universities are pretty much shitting on the West at the moment on new developments so I'm not sure that's even realistic.

There's a whole list of reasons here to not point fingers yet: https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)



The plot thickens. Apparently an ftp server of Supermicro got hacked a while back and served infected firmware. This was the reason Apple stopped working with Supermicro, according to Apple. Reports are that they initially denied any of this happening back then. Maybe their gag order ran out after a while?

https://www.macrumors.com/2017/02/23/apple-ends-relationship-with-super-micro/

Really? Drop an entire vendor because one lab machine had infected firmware? And then deny that there was a security incident? And then come back and admit that they did find bad firmware?

I don't think we can really trust Apple at this point. If true, they'll deny this to the grave.

When you discover a security breach, why tell your shareholders when you can also not tell your shareholders?

Apple have done that numerous times. They got a better deal elsewhere and used that as leverage to get out of the current one.

 

Offline TimNJ

  • Frequent Contributor
  • **
  • Posts: 859
  • Country: us
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #103 on: October 05, 2018, 02:15:33 pm »
The plot thickens. Apparently an ftp server of Supermicro got hacked a while back and served infected firmware. This was the reason Apple stopped working with Supermicro, according to Apple. Reports are that they initially denied any of this happening back then. Maybe their gag order ran out after a while?

https://www.macrumors.com/2017/02/23/apple-ends-relationship-with-super-micro/

Really? Drop an entire vendor because one lab machine had infected firmware? And then deny that there was a security incident? And then come back and admit that they did find bad firmware?

I don't think we can really trust Apple at this point. If true, they'll deny this to the grave.

When you discover a security breach, why tell your shareholders when you can also not tell your shareholders?

Apple have done that numerous times. They got a better deal elsewhere and used that as leverage to get out of the current one.



They have used a security "concern" to get out of a contract with a vendor (even if it wasn't that big of a deal)? Maybe.

Still don't give me warm and fuzzies that they lied about it.
 

Online BravoV

  • Super Contributor
  • ***
  • Posts: 6781
  • Country: 00
  • +++ ATH1
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #104 on: October 05, 2018, 02:18:35 pm »
I guess someone at UK National Cyber Security Centre pissed off with Trump ...  :-DD

https://www.cnbc.com/2018/10/05/uk-cyber-security-agency-backs-apple-amazon-china-hack-denials.html
 
The following users thanked this post: MK14, bd139

Offline Bud

  • Super Contributor
  • ***
  • Posts: 4140
  • Country: ca
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #105 on: October 05, 2018, 02:22:27 pm »
In the Thermal Imaging sub forum a complete compromise of the E4 camera security was achieved by modifying just 1 bit of a cpu instruction code. So things may be possible to achieve with a clever approach instead of a dumb one and you may not need access to the full cpu or ram bus, just to a part of it.
Facebook-free life and Rigol-free shack.
 

Offline Bud

  • Super Contributor
  • ***
  • Posts: 4140
  • Country: ca
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #106 on: October 05, 2018, 02:31:26 pm »
I guess someone at UK National Cyber Security Centre pissed off with Trump ...  :-DD

https://www.cnbc.com/2018/10/05/uk-cyber-security-agency-backs-apple-amazon-china-hack-denials.html

So how come they have become so sure about having no doubt that fast ?
Facebook-free life and Rigol-free shack.
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 14925
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #107 on: October 05, 2018, 02:41:50 pm »
I guess someone at UK National Cyber Security Centre pissed off with Trump ...  :-DD

https://www.cnbc.com/2018/10/05/uk-cyber-security-agency-backs-apple-amazon-china-hack-denials.html

So how come they have become so sure about having no doubt that fast ?

Five eyes.

NCSC is part of GCHQ.
 

Online BravoV

  • Super Contributor
  • ***
  • Posts: 6781
  • Country: 00
  • +++ ATH1
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #108 on: October 05, 2018, 02:48:37 pm »
I guess someone at UK National Cyber Security Centre pissed off with Trump ...  :-DD

https://www.cnbc.com/2018/10/05/uk-cyber-security-agency-backs-apple-amazon-china-hack-denials.html

So how come they have become so sure about having no doubt that fast ?

I dunno  :-// .. maybe ... just maybe they're not as competent as Bloomberg's reporter ? Maybe ...  >:D

But this new message is clear, UK already took side.

Now, what's interesting ahead is, if .. again, a big IF .. later, they come out again to reverse that statement, then that means someone at GCHQ got f**ked real hard, probably caused by a phone call made from Washington to Downing street 10.  :-DD

Offline Stray Electron

  • Frequent Contributor
  • **
  • Posts: 972
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #109 on: October 05, 2018, 03:04:24 pm »
I guess someone at UK National Cyber Security Centre pissed off with Trump ...  :-DD

https://www.cnbc.com/2018/10/05/uk-cyber-security-agency-backs-apple-amazon-china-hack-denials.html

30 "Unnamed sources".  Yeah, I'm sure that we can trust that report.  <sarcasm off>
 
The following users thanked this post: tooki

Online BravoV

  • Super Contributor
  • ***
  • Posts: 6781
  • Country: 00
  • +++ ATH1
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #110 on: October 05, 2018, 03:12:07 pm »
I guess someone at UK National Cyber Security Centre pissed off with Trump ...  :-DD

https://www.cnbc.com/2018/10/05/uk-cyber-security-agency-backs-apple-amazon-china-hack-denials.html

30 "Unnamed sources".  Yeah, I'm sure that we can trust that report.  <sarcasm off>

C'mon, it's not that hard.

The source -> https://www.reuters.com/article/us-china-cyber-britain/uk-cyber-security-agency-backs-apple-amazon-china-hack-denials-idUSKCN1MF1DN

Reporting by Guy Faulconbridge and Mark Hosenball; editing by Sarah Young

Put the CNBC as it's more familiar for Northern America audiences, instead of Reuters.  :P
« Last Edit: October 05, 2018, 03:13:53 pm by BravoV »
 

Offline Bud

  • Super Contributor
  • ***
  • Posts: 4140
  • Country: ca
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #111 on: October 05, 2018, 03:32:40 pm »
In the Thermal Imaging sub forum a complete compromise of the E4 camera security was achieved by modifying just 1 bit of a cpu instruction code.
ARM's conditional execution bit?

No
Facebook-free life and Rigol-free shack.
 

Offline Bud

  • Super Contributor
  • ***
  • Posts: 4140
  • Country: ca
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #112 on: October 05, 2018, 03:39:30 pm »
Let Apple and Amazon testify before Congress. This seems to be America's favorite show this season.
Facebook-free life and Rigol-free shack.
 

Online BravoV

  • Super Contributor
  • ***
  • Posts: 6781
  • Country: 00
  • +++ ATH1
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #113 on: October 05, 2018, 03:56:07 pm »
Let Apple and Amazon testify before Congress. This seems to be America's favorite show this season.

It's a norm, even in the land of pure capitalism heaven, you just can not grow too big or too rich, even legit. Pure total submission and down with your knee is mandatory, hence what happened to big corporations, Microsoft experienced this too in the past, or will get bullied & grilled until they're fully surrendered.

Nope, money flow handsomely alone to gov and house of representative creatures is not enough.  >:D


Online blueskull

  • Supporter
  • ****
  • Posts: 13652
  • Country: cn
  • Power Electronics Guy
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #114 on: October 05, 2018, 04:07:05 pm »
The billions of dollars can be used to help pay some of the damage to western companies caused by China's rampant and shameless IP theft.

And also your loss of employment insurance, if that's what you mean.

China is getting more and more innovative, as can be seen from history.

In the 1990s, China blatantly cloned entire designs.

In the 2000s, China cloned part of the designs and costed-down the designs by modifications.

In the 2010s, most Chinese designs are patent infringing, but the engineering is more or less independent.

China will keep stealing patents for many more years, but engineering will be more or less independent.

China doesn't care about right or wrong, China only cares about power.

Being able to engineer is a power to technological independence. Being able to invent is not.

China needs technological independence, as that frees China from potential sanction from the west.

That is the ultimate free pass to dictatorship. The only thing that prevents Chinese government from physically suppressing its unrest people and its separatism states is the fear of being sanctioned by the west.

What China wants is not really that much. All we want is the west to leave us alone as long as we don't touch a NATO country.

And the west just will not. China will never be peaceful until the west stops policing near China.

China wouldn't have to clone western technology, China wouldn't have to manipulate currency, and China wouldn't have to be a political enemy of the west, as long as the west gets their fuck out of Chinese politics.
 
The following users thanked this post: bd139

Offline donotdespisethesnake

  • Super Contributor
  • ***
  • Posts: 1106
  • Country: gb
  • Embedded stuff
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #115 on: October 05, 2018, 04:55:32 pm »
Whether it is true or not about the fake capacitor, we all know Chinese communist government is the world's biggest crime syndicate.

For a start, the free world needs to confiscate all foreign properties, securities and loot smuggled abroad by the members and the families of the Central Committee of the Chinese Communist Party. The billions of dollars can be used to help pay some of the damage to western companies caused by China's rampant and shameless IP theft.

 :-DD

"I don't care about the truth, I have swallowed the anti-Chinese propaganda hook, line and sinker!"
Bob
"All you said is just a bunch of opinions."
 
The following users thanked this post: mtdoc, blueskull, newbrain, bd139

Online blueskull

  • Supporter
  • ****
  • Posts: 13652
  • Country: cn
  • Power Electronics Guy
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #116 on: October 05, 2018, 06:05:42 pm »
They're stealing IPs ?  >:D

Like everyone else, you know. Who the F (smaller players only) has ever paid for SD license for using a damn card in a design? Who the F has ever paid for what is literally abandoned WiFi patents? And who the F hasn't used FFMpeg or one of its frontends in their life as a tech person?
 
The following users thanked this post: xaxaxa

Online mnementh

  • Super Contributor
  • ***
  • Posts: 7642
  • Country: ca
  • *Escaping The Suck*
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #117 on: October 05, 2018, 07:08:20 pm »
The more interesting part of this diversion, to me at least....

With it going on, where are all the smart, tech-savvy people NOT paying attention?

All the preparations for a midterm election just weeks away that will literally define this nation's fundamental agenda for generations to come.

Not only does it create a diversion, but also it casts yet another potential external scapegoat into the center arena for inevitable compromised electoral outcomes, of course distracting us from the incumbent congressional corruption anybody with a whit of sense knows has been at fault all along.

mnem
Cassandra can suck it.
 
The following users thanked this post: MK14

Offline ajb

  • Super Contributor
  • ***
  • Posts: 1771
  • Country: us
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #118 on: October 05, 2018, 07:18:44 pm »
There are hi-res pictures on Twitter of the exact board with no suspicious/malicious chip installed. It's possible that only server boards headed to Apple, AWS, et al. got the special treatment. I'm sure an order from Apple warrants a standalone production run.
Well, if you take the Bloomberg article at face value, virtually every chip component is potentially malicious.  Without any information on the nature of the exploit, you can't even really narrow it down that far, other than making educated guesses.  Even if you decap and analyze every single IC, and carefully inspect every chip component, and completely tear apart the PCB to look for embedded components, at best you could prove that the particular specimen was not compromised, but who knows how many different units from how many different production runs and design variants are out there.  So if the article *is* FUD or propaganda, being so difficult to definitively disprove is certainly an advantage.

Ars Technica's article on the topic points out that Apple and Amazon's rebuttals are interesting in how strong and unambiguous they are.  The government could legally compel them not to reveal information about what Bloomberg's reported, but generally could not legally compel them to lie about it.  So if they were under some order not to report such information, you'd expect evasion rather than outright and strenuous denial.  Which isn't to say that they aren't outright lying, but it doesn't appear very likely.

What China wants is not really that much. All we want is the west to leave us alone as long as we don't touch a NATO country.

And the west just will not. China will never be peaceful until the west stops policing near China.

I don't know about other western countries, but the US has treaty obligations in the region.  Korea and Japan in particular have an interest in checking China's military and economic influence, and strong military/economic ties with the US.  Balance of power is practically a natural law of geopolitics.  Regardless of your opinion on North Korea, maritime territorial disputes, or any of the other hot buttons in the area, it's hardly as simple as saying the west just needs to get out of China's way.  I'm also not sure that other countries in the region would be so happy about seeing a less restrained China. . .
« Last Edit: October 05, 2018, 07:23:32 pm by ajb »
 
The following users thanked this post: PointyOintment, MK14

Online blueskull

  • Supporter
  • ****
  • Posts: 13652
  • Country: cn
  • Power Electronics Guy
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #119 on: October 05, 2018, 09:26:21 pm »
I don't know about other western countries, but the US has treaty obligations in the region.

I'm not talking about Japan and Korea. I was talking about domestic social unrest.

In China, the government, not the people, owns the land. It's not like EU where if you want to "brexit", you can exit.

If the west stays out of human rights issues of China and stops sanctioning China for suppressing separatists, China will not need to be excluded from ITAR list, and then China will not have to clone all western technologies if we have a steady, political-free supply of them.
 

Offline apis

  • Super Contributor
  • ***
  • Posts: 1667
  • Country: se
  • Hobbyist
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #120 on: October 06, 2018, 12:06:19 am »
It's been on the major news stations in Scandinavia now, and they spin it as if it's true, although they mention that Apple and Amazon deny it.

In China, the government, not the people, owns the land.
Actually, that is the same everywhere; only governments "own" territory. Control is perhaps a better word than own. Usually through military means, but sometimes also because of tradition. Each country has different rules of how they then divide the rights to use that land among their citizens though. If you "own" some property in e.g. Sweden or the USA, you are really just sort of leasing it; you have a contract with the government giving you a monopoly on using some part of the territory in certain ways, e.g. for farming or for mining or building a house, but there are limits to what you can do with it.
 

Offline Red Squirrel

  • Super Contributor
  • ***
  • Posts: 2459
  • Country: ca
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #121 on: October 06, 2018, 12:58:40 am »
Yeah sadly even in north america the government really owns/controls the land.  You can buy land you own it in the legal sense, but if the government or a corporation wants it, they get it.  They can also tell you what you're not allowed to do on it etc.  It's actually BS.   Though there are unorganized townships where you tend to have more freedom with the land you buy.  It's my dream to eventually live in one.   Would be great to be able to build anything without needing permits etc.
 

Offline VK3DRB

  • Super Contributor
  • ***
  • Posts: 1737
  • Country: au
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #122 on: October 06, 2018, 01:23:33 am »
The billions of dollars can be used to help pay some of the damage to western companies caused by China's rampant and shameless IP theft.
In the 1990s, China blatantly cloned entire designs....
China doesn't care about right or wrong, China only cares about power....

That is the ultimate free pass to dictatorship. The only thing that prevents Chinese government from physically suppressing its unrest people and its separatism states is the fear of being sanctioned by the west.


Disagree.... not the 1990's... now. There are exact copies of creative patented or copyrighted work by Australian companies and individuals which thieving pirates sell stuff blatantly around the world. IP theft is rampant. Not "copy watch" of the 1990's, but entire designs of high value items where you cannot tell the difference.

This might surprise you... http://www.techguide.com.au/news/the-worlds-greatest-technologies-that-were-invented-in-australia/
Not bad for a free country of between 8 and 25 million people in a remote part of the world, compared to China with 1.4 billion people.

I agree the Chinese communist government cares only about power. Because ultimately it is a tool for the princelings and their privileged families to save face and accumulate massive amounts of money. That is why they are terrified of democracy.

http://www.abc.net.au/radio/programs/worldtoday/is-china-stealing-intellectual-property/10302836
 

Online blueskull

  • Supporter
  • ****
  • Posts: 13652
  • Country: cn
  • Power Electronics Guy
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #123 on: October 06, 2018, 01:42:45 am »
Disagree.... not the 1990's... now. There are exact copies of creative patented or copyrighted work by Australian companies and individuals which thieving pirates sell stuff blatantly around the world. IP theft is rampant. Not "copy watch" of the 1990's, but entire designs of high value items where you cannot tell the difference.

Weird. I don't see any of them. Examples please.

Let's make it clear. Since we are talking illegal blatant direct clones that hit the market, those don't count:
1. Cloning of ideas and patents don't count. Only cloning of actual reduction to practice counts.
2. Mimicking a genuine hardware device to illegally use the original software doesn't count.
3. Cloning under a license or a circumvented or successfully attacked IP (copyright under DMCA exemptions, patents with nullified claims, etc.) doesn't count.
4. Cloning at a small scale (mom and dad shop, personal projects or industrial products that're only intended to be used in-house, not to be sold) or for special purposes (government actions for defensive, governmental or policing applications) doesn't count.
5. Genuine development using pirate software/firmware or cloned tools doesn't count.

This might surprise you... http://www.techguide.com.au/news/the-worlds-greatest-technologies-that-were-invented-in-australia/

Not surprised. I knew WiFi is invented by AU government researchers.
 

Online blueskull

  • Supporter
  • ****
  • Posts: 13652
  • Country: cn
  • Power Electronics Guy
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #124 on: October 06, 2018, 01:49:01 am »
I agree the Chinese communist government cares only about power.

I bet you've never lived in China. Chinese government is corrupted as hell, but many Chinese people are way more corrupted.
Everyone in China, if has some sort of power, is corrupted. At least the government is being supervised and has to obey the law, at least to certain extent.

Farmers sell poisonous food to urban citizens, doctors prescribe unnecessary lab tests for making some cut, teachers give special attentions to students with rich dads, and the list goes on.
I bet if there is any power, even if just a little bit, that can change other people's living quality by just a tiny margin, the power will be monetized.

Now in such a context, Chinese government is fairly clean, compared with the F*ed up society.
 

