FWIW there are also EMI filters in similar package https://media.digikey.com/pdf/Data%20Sheets/Murata%20PDFs/NFA31C_Series(1206%20Size).pdf
As I said earlier, I dunno if this story has any truth in it. I just consider it technically feasible. IIRC article called rogue component disguised as "filter". Picture probably is just something they googled as filter.
They specifically said “signal conditioning coupler”, which a bit of googling showed to be RF devices.
They may simply be fancy feed through caps, i.e. bypass caps.. "fancy" name for which is now filter. (Maybe there is an inductor, i.e. spiral structure in there along with the capacitance.)
Also, we're forgetting that with multinational public companies, they have a legal obligation to treat all countries the same. If they install a back door for one, they have to do it for all of them.
They are not allowed to discriminate on any basis other than money.
Whichever countries are their bigge$t customers come first.
Jeezus... you two come along and the IQ in here increases 50 points...
mnem
And then I come along and... ![Face Palm :palm:](https://www.eevblog.com/forum/Smileys/default/xfacepalm.gif.pagespeed.ic.EBDwh1hCfo.png)
That's about 25 points each.
They may simply be fancy feed through caps, i.e. bypass caps.. "fancy" name for which is now filter. (Maybe there is an inductor, i.e. spiral structure in there along with the capacitance.)
Also, we're forgetting that with multinational public companies, they have a legal obligation to treat all countries the same. If they install a back door for one, they have to do it for all of them.
They are not allowed to discriminate on any basis other than money.
Whichever countries are their bigge$t customers come first.
According to who do they have that obligation? A company is to obey the law, in whichever form it locally comes up to and including gag orders and active cooperation.
Jeezus... you two come along and the IQ in here increases 50 points...
mnem
And then I come along and... ![Face Palm :palm:](https://www.eevblog.com/forum/Smileys/default/xfacepalm.gif.pagespeed.ic.EBDwh1hCfo.png)
That's about 25 points each.
Not exactly; IQ is by definition an average scale, as well as being weighted median. To make such a shift indicates a huge disparity between the groups in question. It was a deliberate play on a phrase recently popularized by
Sherlock, "Don't talk out loud, you lower the IQ of the whole street."
To wit, there is a lot of egregiously dumb shit flying around this thread.
mnem
*Anything I put here would not improve on silence*
Here is the thing: the best way on a server motherboard to hide a backdoor here is to ship the ASPEED chip with a compromised firmware. Putting suspicion on those small components seem to make no sense to me. The ASPEED chip has an internal bootloader for its ARM9 or ARM11 processor, through abusing this with just software any code can be hidden.
Here is the thing: the best way on a server motherboard to hide a backdoor here is to ship the ASPEED chip with a compromised firmware. Putting suspicion on those small components seem to make no sense to me. The ASPEED chip has an internal bootloader for its ARM9 or ARM11 processor, through abusing this with just software any code can be hidden.
Exactly that. I mentioned that earlier.
Jeezus... you two come along and the IQ in here increases 50 points...
mnem
And then I come along and... ![Face Palm :palm:](https://www.eevblog.com/forum/Smileys/default/xfacepalm.gif.pagespeed.ic.EBDwh1hCfo.png)
That's about 25 points each.
I think you're being generous.
They may simply be fancy feed through caps, i.e. bypass caps.. "fancy" name for which is now filter. (Maybe there is an inductor, i.e. spiral structure in there along with the capacitance.)
Also, we're forgetting that with multinational public companies, they have a legal obligation to treat all countries the same. If they install a back door for one, they have to do it for all of them.
They are not allowed to discriminate on any basis other than money.
Whichever countries are their bigge$t customers come first.
According to who do they have that obligation? A company is to obey the law, in whichever form it locally comes up to and including gag orders and active cooperation.
He's joking. Actually, I thought it was quite wry.
No they posted an opinion piece then slithered off.
Why do I sense some smear happening on that opinion piece? Too bad the sources are obscured, otherwise a deeper research can reveal some peculiarities and interesting tidbits.
I honestly don't know about the minimum size, but a procedure might be when accepting this shit into high security facilities to download and checksum all the firmwares before use with code the company provided.
The chip might have a reciever or some other trick circuit in it to use the SPI line as a antenna, so a van drives around and activates it after its installed. It's really small though. I don't know if you could some how highjack the memory of another non-essential component on the PCB to act as a memory for the parasite chip or something like that (how would you tap into the CS line?).. it could passively turn on every once in a while to listen for some kind of radio signal to trigger it. I don't know how you would get a long time delay in a chip like that without some kind of external trigger, you can't put a big RC in there or something because its tiny.
The reasoning being that motherboards have a ton of crap thats often not used (audio driver on a server motherboard) that is possibly connected to the same SPI chain, so you could then download the memory from the chip being flashed, write it into another chip that acts as a data storage.. but how? The idea being kind of like the bus driver in the mafia mystery murder games.
Does anyone have a block diagram of the motherboards driver chain IC's etc?
I've just read the Apple letter to the congressional Committee on Commerce, Science and Transportation (bd139 has the link above).
I've read a lot of "non-denial denials" over the years, and I think I know how to spot one now. The Apple letter has none of the characteristics of a "non-denial denial", it lacks the over-specific denials, weasel words or tone that characterises them. It sounds like a honest denial that should be taken at face value.
Although this whole issue is still in a fog, it's increasingly looking like the Bloomberg story is a pile of steaming manure.
Bloomberg have a reputation to maintain - ultimately in the serious news business it's all you have. So it is not in Bloomberg's interests to create a 9 days wonder story in the way a piece-of-arsewipe tabloid might to sell a few extra copies - "Major IT Suppliers Compromised by Spies" is not "Kim Kardashian's Cosmetic Surgeon Says Left Buttock is Fake". You can bet that with a story of this significance and apparent long research time, that layers of Bloomberg's management and lawyers would have been over the story before it got the green light to publish. So I think we can discount that Bloomberg deliberately created a fake story out of thin air.
So if we accept Apple's denials and (tentatively?) those of the other named parties and discount the possibility that Bloomberg deliberately fabricated this, that just leaves malicious action on the part of a third party in planting the story with Bloomberg. Claims that some shadowy US government department or the US political apparatus ordered Bloomberg to publish this are not credible. Bloomberg has both good enough lawyers and enough ability to expose such a thing publicly by publishing, that it would be both legally and politically unthinkable. That just leaves an organisation with enough manpower and experience to run an operation designed to get Bloomberg to believe the story - which surely means the intelligence/espionage apparatus of some state level actor or similar. If we accept that, the next question has to be the old one, cui bono, who benefits?
Answering that question takes us down the rabbit hole of conspiracy theory. Not the Chinese, obviously. The French? I wouldn't put it past them, just for spite. The British? No real benefit to them. The "deep state" or someone trying to implicate the "deep state"? The illuminati? The tri-lateral commission? Scientology? Like I said, rabbit hole.
Realistic answers might include: Russia - detracts from the various investigations into their interference into US politics, plus they hate China. Domestic political groups - stir up righteous patriotic fervour with mid-terms coming (against: maybe rather too competent an operation for political rabble rousing). Israel - again, mid-terms, electing right wing pro-israeli candidates might make a little sense but not very much, but the Israelis have demonstrated in the past that they are prepared to do stupidly destructive things to gain a little advantage for themselves so it's not completely beyond reason. Any other sensibly plausible actors?
Edited to add: I'm dismissing straight cock-up theory because of the huge number of sources and the layers of approval that (at least in theory) this ought to have gone through at Bloomberg. If I'm wrong, then the level of journalistic competence shown is less than I could manage if I was simultaneously the most drunk I have ever been, with both hands tied behind my back, with an eyepatch on and just after someone's shot me in the left leg.
i would like to see block diagrams of the circuits proposed for some kind of time delay code injection and schematics of the mother board, that way a spec for the spy chip could be developed to see if its feasible from a integration standpoint based on the routing and feasible based on die size etc to see what technologies would need to be used
also it can be some kind of simple impedance chip designed to severely fuck with the EMI performance of the device, act as a mixer, cause a severe reflection or otherwise change the PCB to make it more susceptible to a TEMPEST attack, like most NSA bugs. Maybe it can disclose a encryption key from far away some how or lower the PCB suceptance.
I
The best "opinions" I've seen on this so far (from multiple sources) boil down to:
"I'd be surprised if this weren't happening by now."
"They pwned the hardware side ages ago. Why eff around with someone else's software?"
"Don't try to teach your grandmother how to cook cabbage."
"They couldn't find their arse with both hands and a seeing eye dog."
"Trust noone."
mnem
"Holy mother of god and all her wacky nephews..."
To me, this boils down to (ad don't forget we are talking about today's connected world)
1: The time and expense to affect only a bunch of networked servers, only a few of which might be use in the right place to get at what you want.
2: Spend money to develop an all software Zero Day back door hack which works online and get access to any online connected hardware you might want access to, not limited to specifically sold hardware installed at random location out of your control.
Now, with the Chinese government behind all of this, and their resources, 'today', will they bother with #1, or #2.
The chip might have a reciever or some other trick circuit in it to use the SPI line as a antenna, so a van drives around and activates it after its installed. It's really small though.
The mainboard is in a metal box called server. Multiple servers are in a metal rack (some might have a glass door) and there are tons of racks in a data center. Not very RF friendly.
The current idea of the spy chip modifying the linux firmware (stored in a flash chip) for the BMC on the fly is not very convincing. It would be easier to modify the firmware directly. A firmware update would render both methods useless and no sane network design would allow the management port to access the Internet. A spy chip would leave physical evidence of tampering behind. I'd be more concerned about Meltdown, Spectre and Foreshadow.
The chip might have a reciever or some other trick circuit in it to use the SPI line as a antenna, so a van drives around and activates it after its installed. It's really small though.
The mainboard is in a metal box called server. Multiple servers are in a metal rack (some might have a glass door) and there are tons of racks are in a data center. Not very RF friendly.
The current idea of the spy chip modifying the linux firmware (stored in a flash chip) for the BMC on the fly is not very convincing. It would be easier to modify the firmware directly. A firmware update would render both methods useless and no sane network design would allow the management port to access the Internet. A spy chip would leave physical evidence of tampering behind. I'd be more concerned about Meltdown, Spectre and Foreshadow.
How do you know the whole thing wont be susceptible if someone hits the building with a multi kilowatt burst of RF at close range from a directional antenna in a van? Or even have someone on foot do it with a special pack.. its not THAT hard to break into unsecured areas of a data center, I heard ridiculous stories from old penetration testers doing the darnest things to get inside a building. They can probobly get into the same hallway as the main access door with medium effort... getting into the room might be hard though.
It sounds ridiculous but someone can make billions of dollars doing this kind of shit.. technologies that seem absurd are cheap and economical to these people.
I notice that people in this thread have this idea that the attack needs to be considered a 'long term investment'. It could just be a heist.
LOL you've never been in a DC have you?
Even the shit ones have better security than the best MoD sites I've been on.