
Thread: The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

  1. #21
    Influencer
    Join Date
    May 2013
    Location
    Cambridge, England
    Posts
    86
    Thumbs Up
    Received: 33
    Given: 11
    Apple's letter says "While we repeatedly asked them to share specific details about the alleged malicious chips that they seemed certain existed, they were unwilling or unable to provide anything more than vague secondhand accounts." If Bloomberg can't produce some detail that makes the claim plausible to those of us who understand a bit about the technology -- what is this "grain of rice"? what is it connected to? how does it get the information out? (maybe it really is a grain of rice, I'm reminded of Dilbert's pointy-haired boss thinking an etch-a-sketch was a tablet computer) -- I for one won't be inclined to believe them.

    It wouldn't be the first time a respectable journal published something that turned out to be untrue: see Hitler Diaries - Wikipedia for instance.


  2. #22
    Top Influencer
    Join Date
    Jul 2012
    Posts
    430
    Thumbs Up
    Received: 251
    Given: 2
    Quote Originally Posted by John Grant (Nine Tiles) View Post
    Apple's letter says "While we repeatedly asked them to share specific details about the alleged malicious chips that they seemed certain existed, they were unwilling or unable to provide anything more than vague secondhand accounts." If Bloomberg can't produce some detail that makes the claim plausible to those of us who understand a bit about the technology -- what is this "grain of rice"? what is it connected to? how does it get the information out? (maybe it really is a grain of rice, I'm reminded of Dilbert's pointy-haired boss thinking an etch-a-sketch was a tablet computer) -- I for one won't be inclined to believe them.

    It wouldn't be the first time a respectable journal published something that turned out to be untrue: see Hitler Diaries - Wikipedia for instance.
    On the other hand, it also wouldn't be the first time that respectable companies have denied something embarrassing that turned out to be true.

    My suspicion is that Bloomberg really believe what they've printed, but they've been professionally scammed by someone who would dearly like to see a real trade war between China and the USA -- and there's one obvious candidate, and it's certainly not China. This would explain both Bloomberg's emphasis that they're right and Apple's that they're wrong.

    But until more real evidence one way or the other comes to light, this is all speculation...


  3. #23
    Admin Daniel Nenni's Avatar
    Join Date
    Aug 2010
    Location
    Silicon Valley
    Posts
    4,511
    Thumbs Up
    Received: 972
    Given: 2,458
    Sorry, the Bloomberg article is fake news. Literally fake news. Not figuratively like you suggest.

    Now available in print or Kindle: "Mobile Unleashed: The Origin and Evolution of ARM Processors In Our Devices"

  4. #24
    Member
    Join Date
    Oct 2014
    Posts
    12
    Thumbs Up
    Received: 6
    Given: 0
    Quote Originally Posted by IanD View Post
    What we have here is a respectable news source -- one which doesn't usually toss out unverified stories -- saying one thing, and other sources completely denying that what they said has any foundation in fact.
    Most, if not all, in the ICS community agree that their 2014 pipeline "cyberwar" story was a hoax. Some of the best and most authoritative reporting on the 2008 Turkey pipeline blast was done by the German quality daily Süddeutsche Zeitung:

    Turkish pipeline explosion probably not a cyber attack - Digital - Süddeutsche.de

    Apparently, their "Heartbleed" story was also flat out wrong.


  5. #25
    Top Influencer
    Join Date
    Jul 2012
    Posts
    430
    Thumbs Up
    Received: 251
    Given: 2
    @carop -- I said "usually", not "always" -- all publications get stories wrong sometimes, at least Bloomberg isn't Fox News or the Daily Mail.

    @Daniel -- you may be right, but you're making authoritative statements ("...is fake news...") with no more proof than anyone else. Unless you've got secret access to Bloomberg's sources or Apple internal documents, this is still your opinion, not a verifiable fact.

    So let's wait until more *facts* (on both sides) come out before making "fake news" statements like this; doing otherwise gives people the same credibility as Trump ;-)


  6. #26
    Influencer
    Join Date
    May 2013
    Location
    Cambridge, England
    Posts
    86
    Thumbs Up
    Received: 33
    Given: 11
    Quote Originally Posted by Daniel Nenni View Post
    Sorry, the Bloomberg article is fake news. Literally fake news. Not figuratively like you suggest.
    Why would they do that? It's not 1st April.


  7. #27
    Influencer
    Join Date
    May 2013
    Location
    Cambridge, England
    Posts
    86
    Thumbs Up
    Received: 33
    Given: 11
    Quote Originally Posted by IanD View Post
    Unless you've got secret access to Bloomberg's sources or Apple internal documents
    -- or better still to one of the servers that's supposed to have been compromised


  8. #28
    Top Influencer
    Join Date
    Aug 2013
    Posts
    180
    Thumbs Up
    Received: 38
    Given: 14
    Mercedes, Volvo, BMW, Samsung, Google Pixel, ... can't keep any of their IP private. Apple's had issues but the clone products aren't competitive yet. As soon as someone successfully clones an iPhone, Apple will be screaming too. Let's say it like it is: there is a bigger player than Apple involved.

    We've reached a point where some brands' sales are significantly down. Mercedes has already discontinued the V12 because they can't afford it anymore. I wouldn't be shocked if in 5 years BMW or Mercedes aren't sold to the Chinese. Things are that bad.


  9. #29
    Member
    Join Date
    Oct 2014
    Posts
    12
    Thumbs Up
    Received: 6
    Given: 0
    Quote Originally Posted by IanD View Post
    So let's wait until more *facts* (on both sides) come out before making "fake news" statements like this; doing otherwise gives people the same credibility as Trump ;-)
    Trump can boil in his own corrupt juices.

    A hardware implant hidden between the board layers is definitely something though. I would love to see a pic if it exists. I suspect security shops hungry for publicity are busy pulling SuperMicro boards apart ;-)

    I personally think it would be much easier to implant backdoors on motherboard components that execute firmware and are readily available on the market such as Ali Baba, Tao Bao or eBay:

    Buy the BMC chip (it is ASPEED 2400) in bulk, implant backdoor and hand over to your assembly shop:

    ASPEED AST2400A1-GP AST2400 BGA

    According to the Snowden files, this is essentially what NSA is doing:

    Glenn Greenwald: how the NSA tampers with US-made internet routers | US news | The Guardian


  10. #30
    Influencer
    Join Date
    Sep 2011
    Posts
    94
    Thumbs Up
    Received: 30
    Given: 2
    Has anyone found and taken apart one of these chips? So far everything is hearsay, but the story continues.

    Security researcher cited in Bloomberg's China spy chip investigation casts doubt on story's veracity [u]

    My cardiologist wanted to implant a chip in my chest that is an alternative to Holter arrhythmia heart monitors. I refused obviously. The chip was small enough to be injected I think without an incision. It had a battery that lasted at least a year. I would have needed to be within a foot of a table top recorder once a day that reads and transmits the data.


  11. #31
    Top Influencer
    Join Date
    Aug 2013
    Posts
    180
    Thumbs Up
    Received: 38
    Given: 14
    Ask this guy.

    Bloomberg - Are you a robot?

    You're right, the case isn't as clear as it should be. Bloomberg could have done a better job, but corporate espionage and stealing of IP is going on. Companies are making clones of products before the original is released to the public.


  12. #32
    Blogger Eric Esteve's Avatar
    Join Date
    Nov 2010
    Location
    Marseille, France
    Posts
    843
    Thumbs Up
    Received: 123
    Given: 134
    Quote: " Unless this 'grain' chip can run out of solar power or wind power (fans in the system), 'power on self test' should detect any excess power being consumed."

    If this story is true, then this chip is very small (includes a few Kgates or so), and the power consumed is negligible for a server board (the CPU itself consuming a few hundred watts). Second point: when you manufacture the M/B, you can add any "wire" (tracks) in the substrate to connect the chip to Vdd, Vss, and obviously to certain signals.

    I consider the mention of TSMC in this story as malicious, or showing that the person who posted it really knows nothing about chip design and manufacturing... Semiwiki is not the right place for such a post; too many readers understand semiconductors and fabs!

    Eric Esteve - IPnest (IP Marketing & Survey & Strategy)
    +33 608 130 656

  13. #33
    Top Influencer
    Join Date
    Jul 2014
    Posts
    112
    Thumbs Up
    Received: 51
    Given: 24
    I suggest you ignore the specifics of the article. But if your organization subcontracts for electronics from *anywhere* and that electronics routinely carries personally identifiable data of potentially economic or privacy value, you should be figuring out how to secure your supply line. Both hardware and firmware. This is not a game. Just look at what goes on with your internet, how often your home router is scanned and the verified stories of industrial or personal hacks there. Now, you seriously think those perps have not moved on to the devices? If you dream that, I have a bridge to sell you (with chips in it).


  14. #34
    Admin Daniel Nenni's Avatar
    Join Date
    Aug 2010
    Location
    Silicon Valley
    Posts
    4,511
    Thumbs Up
    Received: 972
    Given: 2,458
    Do you think they will retract? Seems to be the ethical thing to do:

    Apple CEO Tim Cook Is Calling For Bloomberg To Retract Its Chinese Spy Chip Story


  15. #35
    Influencer
    Join Date
    May 2013
    Location
    Cambridge, England
    Posts
    86
    Thumbs Up
    Received: 33
    Given: 11
    Yes, they need to either "show us the money" or stop publishing vague allegations that don't convince anyone with a bit of knowledge of the technology.


  16. #36
    Top Influencer
    Join Date
    Jul 2012
    Posts
    430
    Thumbs Up
    Received: 251
    Given: 2
    Quote Originally Posted by John Grant (Nine Tiles) View Post
    Yes, they need to either "show us the money" or stop publishing vague allegations that don't convince anyone with a bit of knowledge of the technology.
    Yeah, like nobody believed that Cisco routers could possibly have "undetectable" hardware spying built in until the US spooks were caught intercepting shipments, opening the boxes up, installing this, then resealing them and sending them on their way...

    So if the USA can (and has) done this, why can't China?

    Not saying the Bloomberg hack did or didn't happen, just that saying "it can't/couldn't be done" is 100% wrong because it already has been...


  17. #37
    Influencer U235's Avatar
    Join Date
    May 2014
    Posts
    93
    Thumbs Up
    Received: 41
    Given: 69
    Includes links to photos -- if you haven't seen any yet.

    Making sense of the Supermicro motherboard attack | Light Blue Touchpaper

    EDA Application Engineer
    Interests: TCAD/ MEMS/ Silicon Photonic Circuits/ EM Simulation
