Announcing The Supermicro Spy Chip Sequel

Source: The Register Announcing The Supermicro Spy Chip Sequel

Bloomburg Doubles Down On Their Story From 2018

If you had thought that the story about the mysterious and possibly invisible spy chip Bloomberg reported on a couple of years back would peter out after they failed to present much in the way of evidence then you are going to be disappointed by their recent follow up article.  It continues to allege the existence of secretly added malicious chips and added in a new facet, accusing the Chinese government of hiding code in the spare memory of BIOS chips on the motherboards.  This additional code is reported to “load into the machine’s main memory” and run a service which would then phone home to somewhere.

As evidence that this could happen they cite three previously discovered attacks, the the 2010 discovery that thousands of DoD computers were sending military network data to China, the 2014 attack against Intel where a Chinese based hacking group compromised one of their supplier’s update sites to gain access to their network and finally a 2015 FBI warning to a large number of corporations that a extra chip with back-doored code had been installed on certain server motherboards.

Those three cited incidents did indeed happen, and Bloomberg also missed dozens of other examples over the years but there is a difference between those examples and the story which Bloomberg published.  In each of those three cases the code, or hardware, was discovered and evidenced was published.  The exact details were not fully revealed to protect certain architectural details or proprietary code, but enough was published for security researchers to confirm the code existed and could do what was claimed.

In Bloomberg’s article, we have none of these details nor have they offered evidence of the existence of the extra chip added to Supermicro boards which is why Supermicro’s response to their follow up story is rather dismissive.  This kind of attack has occurred in the past and carries on today, however offering accusations without any proof not only makes the jobs of security professionals more difficult but also obfuscates the very real vulnerabilities currently being leveraged.

The Register has details here if you don’t want to deal with Bloomberg’s paywall.

Bloomberg’s story is a mishmash of disparate and inaccurate allegations that date back many years. It draws farfetched conclusions that once again don’t withstand scrutiny.

Video News

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

1 Comment

  1. Dick

    So no facts just more hearsay.

    Reply

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!