Author Topic: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.  (Read 78161 times)

Offline tooki

  • Super Contributor
  • ***
  • Posts: 12741
  • Country: ch
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #225 on: October 09, 2018, 01:00:16 am »
FWIW there are also EMI filters in similar package https://media.digikey.com/pdf/Data%20Sheets/Murata%20PDFs/NFA31C_Series(1206%20Size).pdf
As I said earlier, I dunno if this story has any truth in it. I just consider it technically feasible. IIRC article called rogue component disguised as "filter". Picture probably is just something they googled as filter.
They specifically said “signal conditioning coupler”, which a bit of googling showed to be RF devices.
 

Offline cdev

  • Super Contributor
  • ***
  • !
  • Posts: 7350
  • Country: 00
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #226 on: October 09, 2018, 02:47:58 am »
They may simply be fancy feed through caps, i.e. bypass caps.. "fancy" name for which is now filter. (Maybe there is an inductor, i.e. spiral structure in there along with the capacitance.)

Also, we're forgetting that with multinational public companies, they have a legal obligation to treat all countries the same. If they install a back door for one, they have to do it for all of them.

They are not allowed to discriminate on any basis other than money.

Whichever countries are their bigge$t customers come first.
« Last Edit: October 09, 2018, 02:54:41 am by cdev »
"What the large print giveth, the small print taketh away."
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #227 on: October 09, 2018, 03:16:45 am »
Jeezus... you two come along and the IQ in here increases 50 points...

mnem
And then I come along and...  :palm:
That's about 25 points each.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #228 on: October 09, 2018, 03:25:19 am »
They may simply be fancy feed through caps, i.e. bypass caps.. "fancy" name for which is now filter. (Maybe there is an inductor, i.e. spiral structure in there along with the capacitance.)

Also, we're forgetting that with multinational public companies, they have a legal obligation to treat all countries the same. If they install a back door for one, they have to do it for all of them.

They are not allowed to discriminate on any basis other than money.

Whichever countries are their bigge$t customers come first.
According to who do they have that obligation? A company is to obey the law, in whichever form it locally comes up to and including gag orders and active cooperation.
 

Offline mnementh

  • Super Contributor
  • ***
  • Posts: 17541
  • Country: us
  • *Hiding in the Dwagon-Cave*
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #229 on: October 09, 2018, 05:26:46 am »
Jeezus... you two come along and the IQ in here increases 50 points...

mnem
And then I come along and...  :palm:
That's about 25 points each.
Not exactly; IQ is by definition an average scale, as well as being weighted median. To make such a shift indicates a huge disparity between the groups in question. It was a deliberate play on a phrase recently popularized by Sherlock, "Don't talk out loud, you lower the IQ of the whole street."

To wit, there is a lot of egregiously dumb shit flying around this thread.

mnem
*Anything I put here would not improve on silence*
alt-codes work here:  alt-0128 = €  alt-156 = £  alt-0216 = Ø  alt-225 = ß  alt-230 = µ  alt-234 = Ω  alt-236 = ∞  alt-248 = °
 

Offline technix

  • Super Contributor
  • ***
  • Posts: 3508
  • Country: cn
  • From Shanghai With Love
    • My Untitled Blog
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #230 on: October 09, 2018, 06:11:03 am »
Here is the thing: the best way on a server motherboard to hide a backdoor here is to ship the ASPEED chip with a compromised firmware. Putting suspicion on those small components seems to make no sense to me. The ASPEED chip has an internal bootloader for its ARM9 or ARM11 processor; through abusing this with just software, any code can be hidden.
 
The following users thanked this post: thm_w, tooki

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #231 on: October 09, 2018, 06:30:01 am »
Not exactly; IQ is by definition an average scale, as well as being weighted median. To make such a shift indicates a huge disparity between the groups in question. It was a deliberate play on a phrase recently popularized by Sherlock, "Don't talk out loud, you lower the IQ of the whole street."

To wit, there is a lot of egregiously dumb shit flying around this thread.

mnem
*Anything I put here would not improve on silence*
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23096
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #232 on: October 09, 2018, 07:09:56 am »
Here is the thing: the best way on a server motherboard to hide a backdoor here is to ship the ASPEED chip with a compromised firmware. Putting suspicion on those small components seems to make no sense to me. The ASPEED chip has an internal bootloader for its ARM9 or ARM11 processor; through abusing this with just software, any code can be hidden.

Exactly that. I mentioned that earlier.
 

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 10576
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #233 on: October 09, 2018, 10:29:01 am »
Jeezus... you two come along and the IQ in here increases 50 points...

mnem
And then I come along and...  :palm:
That's about 25 points each.

I think you're being generous.  :)
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 
The following users thanked this post: Mr. Scram

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 10576
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #234 on: October 09, 2018, 10:33:35 am »
They may simply be fancy feed through caps, i.e. bypass caps.. "fancy" name for which is now filter. (Maybe there is an inductor, i.e. spiral structure in there along with the capacitance.)

Also, we're forgetting that with multinational public companies, they have a legal obligation to treat all countries the same. If they install a back door for one, they have to do it for all of them.

They are not allowed to discriminate on any basis other than money.

Whichever countries are their bigge$t customers come first.
According to who do they have that obligation? A company is to obey the law, in whichever form it locally comes up to and including gag orders and active cooperation.

He's joking. Actually, I thought it was quite wry.
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23096
  • Country: gb
 
The following users thanked this post: Cerebus, Mr. Scram

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #236 on: October 09, 2018, 11:21:30 am »
He's joking. Actually, I thought it was quite wry.
Poe's Law and all.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #237 on: October 09, 2018, 11:22:50 am »
https://www.documentcloud.org/documents/4995755-Apple-Bloomberg-Congressional-Letter.html
This is an "Is true!" and "Nu-uh!" on international level. Did Bloomberg ever follow up on their initial claims?
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23096
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #238 on: October 09, 2018, 11:27:36 am »
No, they posted an opinion piece then slithered off.
 
The following users thanked this post: tooki

Offline technix

  • Super Contributor
  • ***
  • Posts: 3508
  • Country: cn
  • From Shanghai With Love
    • My Untitled Blog
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #239 on: October 09, 2018, 11:57:45 am »
Why do I sense some smear happening on that opinion piece? Too bad the sources are obscured, otherwise deeper research could reveal some peculiarities and interesting tidbits.
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23096
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #240 on: October 09, 2018, 12:00:12 pm »
The sources aren't as obscured as they hoped.

https://risky.biz/RB517_feature/
 

Offline coppercone2

  • Super Contributor
  • ***
  • Posts: 10780
  • Country: us
  • $
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #241 on: October 09, 2018, 12:01:17 pm »
I honestly don't know about the minimum size, but a procedure might be when accepting this shit into high security facilities to download and checksum all the firmwares before use with code the company provided.

The chip might have a receiver or some other trick circuit in it to use the SPI line as an antenna, so a van drives around and activates it after it's installed. It's really small though. I don't know if you could somehow hijack the memory of another non-essential component on the PCB to act as a memory for the parasite chip or something like that (how would you tap into the CS line?).. it could passively turn on every once in a while to listen for some kind of radio signal to trigger it. I don't know how you would get a long time delay in a chip like that without some kind of external trigger, you can't put a big RC in there or something because it's tiny.

The reasoning being that motherboards have a ton of crap that's often not used (audio driver on a server motherboard) that is possibly connected to the same SPI chain, so you could then download the memory from the chip being flashed, write it into another chip that acts as a data storage.. but how? The idea being kind of like the bus driver in the mafia mystery murder games.

Does anyone have a block diagram of the motherboard's driver chain ICs etc?
« Last Edit: October 09, 2018, 12:05:51 pm by coppercone2 »
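
The acceptance check proposed in the post above (dump each firmware and compare it with what the vendor supplied), as an added example that is not part of the original thread. It goes one step beyond a single checksum by reporting which flash sectors differ; the 4 KiB sector size, the ignored settings region and the sample images are assumptions constructed for illustration.

```python
import hashlib

SECTOR = 4096  # assumed erase-sector size, used only to localise differences


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def diff_sectors(reference: bytes, dump: bytes, ignore=()):
    """Offsets of sectors where the dump differs from the reference image.

    ignore: (start, end) byte ranges expected to vary per board, e.g. stored
    settings. The layout is hypothetical and must come from the vendor.
    """
    changed = []
    for off in range(0, max(len(reference), len(dump)), SECTOR):
        if any(s <= off and off + SECTOR <= e for s, e in ignore):
            continue
        if reference[off:off + SECTOR] != dump[off:off + SECTOR]:
            changed.append(off)
    return changed


def verify_dump(reference: bytes, dump: bytes, expected_sha256: str, ignore=()):
    """Validate the reference against the published hash, then compare the dump."""
    report = {
        "reference_ok": sha256_hex(reference) == expected_sha256.strip().lower(),
        "size_match": len(reference) == len(dump),
        "changed_sectors": diff_sectors(reference, dump, ignore),
    }
    report["pass"] = (report["reference_ok"] and report["size_match"]
                      and not report["changed_sectors"])
    return report


def constructed_images():
    """Constructed sample data: a 64 KiB 'reference' and a dump with two changes."""
    reference = bytes((i * 7) % 251 for i in range(16 * SECTOR))
    dump = bytearray(reference)
    dump[5 * SECTOR + 100] ^= 0xFF   # unexpected change in a code sector
    dump[15 * SECTOR + 8] ^= 0x01    # per-board value inside the ignored range
    return reference, bytes(dump)


if __name__ == "__main__":
    ref, dump = constructed_images()
    settings = [(15 * SECTOR, 16 * SECTOR)]  # hypothetical settings region
    result = verify_dump(ref, dump, sha256_hex(ref), ignore=settings)
    print("pass:", result["pass"])
    print("changed sector offsets:", [hex(o) for o in result["changed_sectors"]])
```

A dump read out through the running BMC is only as trustworthy as the firmware answering the read, so the comparison is most meaningful on an image taken directly from the flash chip.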
 

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 10576
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #242 on: October 09, 2018, 12:03:32 pm »
I've just read the Apple letter to the congressional Committee on Commerce, Science and Transportation (bd139 has the link above).

I've read a lot of "non-denial denials" over the years, and I think I know how to spot one now. The Apple letter has none of the characteristics of a "non-denial denial", it lacks the over-specific denials, weasel words or tone that characterises them. It sounds like an honest denial that should be taken at face value.

Although this whole issue is still in a fog, it's increasingly looking like the Bloomberg story is a pile of steaming manure.

Bloomberg have a reputation to maintain - ultimately in the serious news business it's all you have. So it is not in Bloomberg's interests to create a 9 days wonder story in the way a piece-of-arsewipe tabloid might to sell a few extra copies - "Major IT Suppliers Compromised by Spies" is not "Kim Kardashian's Cosmetic Surgeon Says Left Buttock is Fake". You can bet that with a story of this significance and apparent long research time, that layers of Bloomberg's management and lawyers would have been over the story before it got the green light to publish. So I think we can discount that Bloomberg deliberately created a fake story out of thin air.

So if we accept Apple's denials and (tentatively?) those of the other named parties and discount the possibility that Bloomberg deliberately fabricated this, that just leaves malicious action on the part of a third party in planting the story with Bloomberg. Claims that some shadowy US government department or the US political apparatus ordered Bloomberg to publish this are not credible. Bloomberg has both good enough lawyers and enough ability to expose such a thing publicly by publishing, that it would be both legally and politically unthinkable. That just leaves an organisation with enough manpower and experience to run an operation designed to get Bloomberg to believe the story - which surely means the intelligence/espionage apparatus of some state level actor or similar. If we accept that, the next question has to be the old one, cui bono, who benefits?

Answering that question takes us down the rabbit hole of conspiracy theory. Not the Chinese, obviously. The French? I wouldn't put it past them, just for spite. The British? No real benefit to them. The "deep state" or someone trying to implicate the "deep state"? The illuminati? The tri-lateral commission? Scientology? Like I said, rabbit hole.

Realistic answers might include: Russia - detracts from the various investigations into their interference into US politics, plus they hate China. Domestic political groups - stir up righteous patriotic fervour with mid-terms coming (against: maybe rather too competent an operation for political rabble rousing). Israel - again, mid-terms, electing right wing pro-Israeli candidates might make a little sense but not very much, but the Israelis have demonstrated in the past that they are prepared to do stupidly destructive things to gain a little advantage for themselves so it's not completely beyond reason. Any other sensibly plausible actors?

Edited to add: I'm dismissing straight cock-up theory because of the huge number of sources and the layers of approval that (at least in theory) this ought to have gone through at Bloomberg. If I'm wrong, then the level of journalistic competence shown is less than I could manage if I was simultaneously the most drunk I have ever been, with both hands tied behind my back, with an eyepatch on and just after someone's shot me in the left leg.
« Last Edit: October 09, 2018, 12:26:38 pm by Cerebus »
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 
The following users thanked this post: tooki, bd139

Offline coppercone2

  • Super Contributor
  • ***
  • Posts: 10780
  • Country: us
  • $
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #243 on: October 09, 2018, 12:11:04 pm »
I would like to see block diagrams of the circuits proposed for some kind of time delay code injection and schematics of the motherboard, that way a spec for the spy chip could be developed to see if it's feasible from an integration standpoint based on the routing and feasible based on die size etc to see what technologies would need to be used

Also it can be some kind of simple impedance chip designed to severely fuck with the EMI performance of the device, act as a mixer, cause a severe reflection or otherwise change the PCB to make it more susceptible to a TEMPEST attack, like most NSA bugs. Maybe it can disclose an encryption key from far away somehow or lower the PCB susceptance.

I
« Last Edit: October 09, 2018, 12:14:56 pm by coppercone2 »
 

Offline mnementh

  • Super Contributor
  • ***
  • Posts: 17541
  • Country: us
  • *Hiding in the Dwagon-Cave*
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #244 on: October 09, 2018, 12:19:35 pm »
The best "opinions" I've seen on this so far (from multiple sources) boil down to:

"I'd be surprised if this weren't happening by now."

"They pwned the hardware side ages ago. Why eff around with someone else's software?"

"Don't try to teach your grandmother how to cook cabbage."

"They couldn't find their arse with both hands and a seeing eye dog."

"Trust no one."

mnem
"Holy mother of god and all her wacky nephews..."
 

Online BrianHG

  • Super Contributor
  • ***
  • Posts: 8125
  • Country: ca
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #245 on: October 09, 2018, 01:27:22 pm »
To me, this boils down to (and don't forget we are talking about today's connected world):
1: The time and expense to affect only a bunch of networked servers, only a few of which might be used in the right place to get at what you want.
2: Spend money to develop an all software Zero Day back door hack which works online and get access to any online connected hardware you might want access to, not limited to specifically sold hardware installed at random locations out of your control.

Now, with the Chinese government behind all of this, and their resources, 'today', will they bother with #1, or #2?
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 8177
  • Country: de
  • A qualified hobbyist ;)
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #246 on: October 09, 2018, 01:33:35 pm »
The chip might have a receiver or some other trick circuit in it to use the SPI line as an antenna, so a van drives around and activates it after it's installed. It's really small though.

The mainboard is in a metal box called server. Multiple servers are in a metal rack (some might have a glass door) and there are tons of racks in a data center. Not very RF friendly.

The current idea of the spy chip modifying the linux firmware (stored in a flash chip) for the BMC on the fly is not very convincing. It would be easier to modify the firmware directly. A firmware update would render both methods useless and no sane network design would allow the management port to access the Internet. A spy chip would leave physical evidence of tampering behind. I'd be more concerned about Meltdown, Spectre and Foreshadow.
« Last Edit: October 09, 2018, 02:01:11 pm by madires »
 

Offline BravoV

  • Super Contributor
  • ***
  • Posts: 7549
  • Country: 00
  • +++ ATH1
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #247 on: October 09, 2018, 01:40:09 pm »
https://www.documentcloud.org/documents/4995755-Apple-Bloomberg-Congressional-Letter.html

Really curious what will happen to Amazon, when it comes to its turn to face Congress on this matter.  >:D

Offline coppercone2

  • Super Contributor
  • ***
  • Posts: 10780
  • Country: us
  • $
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #248 on: October 09, 2018, 01:49:43 pm »
The chip might have a receiver or some other trick circuit in it to use the SPI line as an antenna, so a van drives around and activates it after it's installed. It's really small though.

The mainboard is in a metal box called server. Multiple servers are in a metal rack (some might have a glass door) and there are tons of racks in a data center. Not very RF friendly.

The current idea of the spy chip modifying the linux firmware (stored in a flash chip) for the BMC on the fly is not very convincing. It would be easier to modify the firmware directly. A firmware update would render both methods useless and no sane network design would allow the management port to access the Internet. A spy chip would leave physical evidence of tampering behind. I'd be more concerned about Meltdown, Spectre and Foreshadow.

How do you know the whole thing won't be susceptible if someone hits the building with a multi kilowatt burst of RF at close range from a directional antenna in a van? Or even have someone on foot do it with a special pack.. it's not THAT hard to break into unsecured areas of a data center, I heard ridiculous stories from old penetration testers doing the darnedest things to get inside a building. They can probably get into the same hallway as the main access door with medium effort... getting into the room might be hard though.

It sounds ridiculous but someone can make billions of dollars doing this kind of shit.. technologies that seem absurd are cheap and economical to these people.

I notice that people in this thread have this idea that the attack needs to be considered a 'long term investment'. It could just be a heist.
« Last Edit: October 09, 2018, 01:55:42 pm by coppercone2 »
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23096
  • Country: gb
Re: Chinese manufacturer puts hardware backdoor onto Supermicro server boards.
« Reply #249 on: October 09, 2018, 01:55:29 pm »
LOL you've never been in a DC have you?

Even the shit ones have better security than the best MoD sites I've been on.
 
The following users thanked this post: tooki

