Notes Class 01
Class 01: China Chip
Hardware hacks are more difficult to pull off, but are potentially more devastating over the long term.
“Hardware attacks are about access,” as one former senior official puts it.
Interdiction - manipulating devices while they are in transit from manufacturer to customer.
Seeding - the other method, which involves seeding changes from the very beginning.
China made a small chip, the size of a grain of rice, made to look like another computer part. The chip was inserted at factories in China that supply Supermicro. The sabotaged equipment made its way into the data centers of dozens of companies. When the infected servers were turned on, the chip would give itself permission to contact the attackers for follow-up instructions and code. This system could let the attackers alter how the device functioned, line by line, however they wanted, leaving no one the wiser. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow.
To track the corrupted chips to their source, U.S. intelligence agencies began following Supermicro’s serpentine supply chain in reverse, a person briefed on evidence gathered during the probe says. Eventually, that person says, they traced the malicious chips to four subcontracting factories that had been building Supermicro motherboards for at least two years.
Other notes: Affected 30 companies. China makes 70% of smartphones and 90% of PCs. Supermicro sells more server motherboards than almost anyone else. The chips were gray or off-white in color and looked more like signal conditioning couplers, another common motherboard component, than microchips, so they were unlikely to be detectable without specialized equipment.