You are currently viewing SemiWiki as a guest which gives you limited access to the site. To view blog comments and experience other SemiWiki features you must be a registered member. Registration is fast, simple, and absolutely free so please, join our community today!




Page 1 of 2 12 LastLast
Results 1 to 20 of 37

Thread: The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

  1. #1
    Member
    Join Date
    Aug 2018
    Posts
    1
    Thumbs Up
    Received: 1
    Given: 0

    Exclamation The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

    With the news out today re: hardware hack and super micro, does anyone else think there could be a connection with TSMC? In public filings it's disclosed that the two companies do business together on the server side. The article from bloomberg out today suggests that the manufacturing process was compromised at the point of assembly, but I wonder if the parts themselves are vulnerable.

    1 Not allowed!
     

  2. #2
    Admin Daniel Nenni's Avatar
    Join Date
    Aug 2010
    Location
    Silicon Valley
    Posts
    4,580
    Thumbs Up
    Received: 1,021
    Given: 2,515
    Quote Originally Posted by jacqgara View Post
    With the news out today re: hardware hack and super micro, does anyone else think there could be a connection with TSMC? In public filings it's disclosed that the two companies do business together on the server side. The article from Bloomberg out today suggests that the manufacturing process was compromised at the point of assembly, but I wonder if the parts themselves are vulnerable.
    From reading the article it is clear the reporters have zero semiconductor experience. They say it was a "chip nested on the motherboard". Why so little technical information and why would that have anything to do with TSMC? Talk to the company who assembled the motherboards not the company who manufactures wafers.

    But someone please tell me how this chip that is "not much bigger than a grain of rice" can compromise a motherboard inside massive server farms of security minded companies like Apple and Amazon? Technically how does the data theft happen?

    The other interesting note is that this supposedly started in 2014 with many confidential sources quoted yet the companies named (including Apple and Amazon) have categorically denied it. How can a publicly traded company deny something like this if it is in fact true? The SEC needs to look closely at anyone who shorted Super Micro that is for sure.

    One thing you should know is that a security threat can be embedded on a die, in a chip package, or on a motherboard without a doubt. The motherboard would be easiest to do but would also be the easiest to detect. Packaging would be harder but it certainly can be done. Die would be even harder unless the designers did it purposely and it would also be hardest to detect.

    4 Not allowed!
    Now available in print or Kindle: "Mobile Unleashed: The Origin and Evolution of ARM Processors In Our Devices"

  3. #3
    Blogger Daniel Payne's Avatar
    Join Date
    Sep 2010
    Location
    Tualatin, OR
    Posts
    3,256
    Thumbs Up
    Received: 386
    Given: 453
    The Bloomberg article raises dire security issues for us all. Somebody at Supermicro should have a BOM for each board, and if the original design called for 25 ICs, then what gets built includes 26 ICs, you have quickly spotted the discrepancy of one added IC to the board. The malicious party would have to update the BOM and deliver their ICs just like any other component vendor does for assembly, leaving a paper trail of the sellers.

    0 Not allowed!
    Daniel Payne, EDA Consultant
    www.MarketingEDA.com
    503.806.1662

  4. #4
    Top Influencer
    Join Date
    Jul 2014
    Posts
    122
    Thumbs Up
    Received: 61
    Given: 30
    The grain sized circuit seems improbable and the players may or may not have been correctly identified. The introduction of malware one way or another into circuits in production has been reported a few times on the hacker logs, so the scenario in general seems likely to have happened. There are many entities out there who are using every trick they can find because they perceive the payoffs to be huge and the chances of punishment negligible even if something ever is found.

    It is a jungle out there. In general, not just this business. Most people play by reasonable ethics, but there are unquestionably those who do not. A successful product with an insecure supply chain might as well be a honey pot.

    2 Not allowed!
     

  5. #5
    Member
    Join Date
    Aug 2011
    Posts
    10
    Thumbs Up
    Received: 7
    Given: 5

    Exclamation The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

    Some of the best quotes:
    "Nested on the servers' motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn't part of the boards' original design...During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines...The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People's Liberation Army."


    "The chips on Elemental servers were designed to be as inconspicuous as possible, according to one person who saw a detailed report prepared for Amazon by its third-party security contractor, as well as a second person who saw digital photos and X-ray images of the chips incorporated into a later report prepared by Amazon's security team. Gray or off-white in color, they looked more like signal conditioning couplers, another common motherboard component, than microchips, and so they were unlikely to be detectable without specialized equipment. Depending on the board model, the chips varied slightly in size, suggesting that the attackers had supplied different factories with different batches."


    "Mindful of the Elemental findings, Amazon's security team conducted its own investigation into AWS's Beijing facilities and found altered motherboards there as well, including more sophisticated designs than they'd previously encountered. In one case, the malicious chips were thin enough that they'd been embedded between the layers of fiberglass onto which the other components were attached, according to one person who saw pictures of the chips. That generation of chips was smaller than a sharpened pencil tip, the person says. (Amazon denies that AWS knew of servers found in China containing malicious chips.)"


    2 Not allowed!
    Last edited by davemill; 10-05-2018 at 11:40 PM.
     

  6. #6
    Admin Daniel Nenni's Avatar
    Join Date
    Aug 2010
    Location
    Silicon Valley
    Posts
    4,580
    Thumbs Up
    Received: 1,021
    Given: 2,515
    So who do you believe?

    Apple
    "On this we can be very clear: Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement."

    Amazon
    "It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental. It’s also untrue that AWS knew about servers containing malicious chips or modifications in data centers based in China, or that AWS worked with the FBI to investigate or provide data about malicious hardware."

    Supermicro
    While we would cooperate with any government investigation, we are not aware of any investigation regarding this topic nor have we been contacted by any government agency in this regard. We are not aware of any customer dropping Supermicro as a supplier for this type of issue.

    Or Bloomberg?

    If you look at the wording Apple, Amazon, and Super Micro are denying a chip hack but they are not denying malware infections that could have done the same thing. From what I am told by an IT friend Apple dropped Super Micro after a malware incident.

    0 Not allowed!
    Last edited by Daniel Nenni; 10-05-2018 at 06:36 PM.
    Now available in print or Kindle: "Mobile Unleashed: The Origin and Evolution of ARM Processors In Our Devices"

  7. #7
    Blogger Daniel Payne's Avatar
    Join Date
    Sep 2010
    Location
    Tualatin, OR
    Posts
    3,256
    Thumbs Up
    Received: 386
    Given: 453
    In my home state of Oregon we just had U.S. Senator Ron Wyden request an investigation of this hack, pointed at Elemental Technologies - now a part of Amazon.

    Wyden seeks inquiry into reported Chinese cyber attack on Portland company | OregonLive.com

    1 Not allowed!
    Daniel Payne, EDA Consultant
    www.MarketingEDA.com
    503.806.1662

  8. #8
    Member
    Join Date
    Sep 2017
    Posts
    11
    Thumbs Up
    Received: 9
    Given: 4
    That Bloomberg article looks like part of a covert propaganda campaign for continuing trade war between US and China. Dragging semi into trade war will be really bad for this industry as a whole. Apple and AWS know about this risk and refuse to be part of that propaganda machine. I am curious why OP's first and only post will further drags TSMC into the story as it does not assemble any circuit board for any one.

    1 Not allowed!
     

  9. #9
    Top Influencer
    Join Date
    Aug 2013
    Posts
    199
    Thumbs Up
    Received: 46
    Given: 16
    I don't see President Trump winning the trade war with China. China is too strong in manufacturing and in general americans won't do that sort of work.

    I could see companies in china spying without the govt consent. Trying to stay with the trends.

    0 Not allowed!
     

  10. #10
    Member
    Join Date
    Sep 2015
    Location
    Bengaluru, India
    Posts
    18
    Thumbs Up
    Received: 13
    Given: 1
    Differentiate software attacks (malware) and hardware intrusions. Unless this 'grain' chip can run out of solar power or wind power (fans in the system), 'power on self test' should detect any excess power being consumed. Communicating with satellites is even comical, for wireless capability of this grain chip has to be super advanced to communicate 'everything' to an external satellite. Else data transmitted has to go through the normal networks, in which cases, sniffing of packet data (or deep packet inspection) should tell us the intended destination. The whole thing, imo, is just political and not a penny more, not a penny less.

    0 Not allowed!
     

  11. #11
    Expert
    Join Date
    Apr 2013
    Location
    East SF Bay Area
    Posts
    1,571
    Thumbs Up
    Received: 453
    Given: 429
    At this point having listened to the latest Bloomberg reports, I'm keeping an open mind. In the tech sector we have been surprised too many times by the ingenuity applied to almost any challenge. This could be anything from a direct pipeline to a sophisticated ruse designed to spread FUD. I have little doubt we will know far more within a week or so. I have no doubt this is a power play of some type and we will know who, what and how shortly. It is and will be one of the more interesting stories of the year. It is way past time that China should become a responsible player on the world stage or eventually face the wrath of most of the world for the actions they have taken. China is pursuing a game where everyone will loose something, when with cooperation everyone could prosper greatly.

    0 Not allowed!
    Last edited by Arthur Hanson; 10-07-2018 at 06:59 AM.
     

  12. #12
    Influencer
    Join Date
    May 2013
    Location
    Cambridge, England
    Posts
    90
    Thumbs Up
    Received: 35
    Given: 11
    Quote Originally Posted by RaghuramanR View Post
    Unless this 'grain' chip can run out of solar power or wind power (fans in the system), 'power on self test' should detect any excess power being consumed. Communicating with satellites is even comical, for wireless capability of this grain chip has to be super advanced to communicate 'everything' to an external satellite.
    Servers seem to take hundreds of amps these days, so adding one small chip might not be noticeable. I agree that satellite comms is a non-starter, though, if only because the board will be inside a metal box inside a rack inside a shed. The other issue with the "grain-sized" chip is that a package that size won't have many pins, so wouldn't be able to sniff a 64-bit bus, for example.

    0 Not allowed!
     

  13. #13
    Member
    Join Date
    Sep 2018
    Posts
    2
    Thumbs Up
    Received: 0
    Given: 0
    And this chip that is the "size of a grain of rice"--notice the way they use rice, China, hmmmm can be x-rayed / viewed with an electron microscope and the functions can be determined relatively easily by an engineer with knowledge of this type of chip. But that hasn't been done, or if it has, where is the commentary on what was found? So, so, so many questions, and the denials are not "no comment" denials from AAPL, AMZN, and SMCI, they are researched and well thought out denials. SMCI's stock was down 60% at one point off of this news, so people better have their facts straight. And oh, btw, yes SMCI is in Taiwan, but that is where the enemies of Mao went, not the friends...

    0 Not allowed!
     

  14. #14
    Member
    Join Date
    Jul 2018
    Posts
    1
    Thumbs Up
    Received: 4
    Given: 0
    Quote Originally Posted by John Grant (Nine Tiles) View Post
    The other issue with the "grain-sized" chip is that a package that size won't have many pins, so wouldn't be able to sniff a 64-bit bus, for example.
    Perhaps you would not need to have the hacked chip connected to a 64-bit bus ; maybe the hack was done with a serial bus like SPI or I2C, so then you would only need a few pins.

    The article mentions a Baseboard Management Controller and firmware, so perhaps the hack altered the BMC's firmware to enable a backdoor mechanism into the BMC. Firmware can often be located inside an NVM/Flash located on the board which connects to the BMC through a serial bus like SPI, where the hardware hack could have been inserted. The BMC can often control many aspects of the entire server board, including network access and changing any register or memory location of the system.

    However the BMC (if it is designed correctly) will check the integrity of the firmware when it loads after reset to make sure the firmware was not altered. If even a single bit of the firmware is altered, the BMC should flag an error and halt, and that would become highly visible to the operator. So I think there would need to be some other exploit available to get past this firmware integrity check, like a bug in the hardware, disabling of the integrity check, or knowledge of the private signing key by a malicious actor.

    Amazon, in their statement denying the hacking, mentioned that they found "vulnerabilities in SuperMicro firmware".

    4 Not allowed!
    Last edited by austin944; 10-07-2018 at 12:20 PM.
     

  15. #15
    Admin Daniel Nenni's Avatar
    Join Date
    Aug 2010
    Location
    Silicon Valley
    Posts
    4,580
    Thumbs Up
    Received: 1,021
    Given: 2,515
    Homeland Security says it has no reason to doubt spy-chip denials by Apple, Amazon

    "The Department of Homeland Security is aware of the media reports of a technology supply chain compromise," the agency said in a statement Saturday. "At this time we have no reason to doubt the statements from the companies named in the story."

    Homeland Security says it has no reason to doubt spy-chip denials by Apple, Amazon - MarketWatch

    0 Not allowed!
    Now available in print or Kindle: "Mobile Unleashed: The Origin and Evolution of ARM Processors In Our Devices"

  16. #16
    Top Influencer
    Join Date
    Jul 2012
    Posts
    455
    Thumbs Up
    Received: 282
    Given: 2
    Quote Originally Posted by Daniel Nenni View Post
    Homeland Security says it has no reason to doubt spy-chip denials by Apple, Amazon

    "The Department of Homeland Security is aware of the media reports of a technology supply chain compromise," the agency said in a statement Saturday. "At this time we have no reason to doubt the statements from the companies named in the story."

    Homeland Security says it has no reason to doubt spy-chip denials by Apple, Amazon - MarketWatch
    Conspiracy theorists would probably say that Homeland Security would say that to cover up the fact they missed this -- or they already knew about it and have been exploiting it to spy on everybody... ;-)

    2 Not allowed!
     

  17. #17
    Blogger
    Join Date
    Jan 2011
    Location
    The land of beer and chocolate
    Posts
    956
    Thumbs Up
    Received: 252
    Given: 334
    Quote Originally Posted by IanD View Post
    Conspiracy theorists would probably say that Homeland Security would say that to cover up the fact they missed this -- or they already knew about it and have been exploiting it to spy on everybody... ;-)
    No, it's because the CIA put the chips there when the boards were going through customs...
    I love conspiracy theories.

    0 Not allowed!
    Trust me ...
    I know what I am doing.

  18. #18
    Admin Daniel Nenni's Avatar
    Join Date
    Aug 2010
    Location
    Silicon Valley
    Posts
    4,580
    Thumbs Up
    Received: 1,021
    Given: 2,515
    Apple's letter to Congress:

    Letter October 8th Version | Online Safety & Privacy | Computer Security

    Seriously fake news.

    0 Not allowed!
    Now available in print or Kindle: "Mobile Unleashed: The Origin and Evolution of ARM Processors In Our Devices"

  19. #19
    Top Influencer
    Join Date
    Aug 2013
    Posts
    199
    Thumbs Up
    Received: 46
    Given: 16
    This isn't a donald trump smear piece.

    I believe corporate espionage and stealing is going on, there's too much money to made. Everyone is too afraid of chinese manufacturing to say something.

    1 Not allowed!
     

  20. #20
    Top Influencer
    Join Date
    Jul 2012
    Posts
    455
    Thumbs Up
    Received: 282
    Given: 2
    Quote Originally Posted by Daniel Nenni View Post
    Apple's letter to Congress:

    Letter October 8th Version | Online Safety & Privacy | Computer Security

    Seriously fake news.
    So, you mean the Apple letter is seriously fake news? ;-)

    The Trump meme of denouncing everything you don't agree with as "fake news" is seriously pi**ing me off. What we have here is a respectable news source -- one which doesn't usually toss out unverified stories -- saying one thing, and other sources completely denying that what they said has any foundation in fact.

    Going by past stories like this (Watergate, WikiLeaks, Panama Papers, US collusion in torture, friendly fire wedding party deaths...) it's perfectly possible that the Bloomberg is right and all the denials are either deluded, lying, covering up, or all three. It's also perfectly possible that Bloomberg has had the wool pulled over their eyes, possible by some external agency who want to sow doubt and division in the US, possibly at the expense of China -- now who could that be, I wonder, maybe somebody who likes to appear without a shirt riding a horse? The least likely scenario is that Bloomberg made it all up to get publicity, because this could destroy them.

    So please everybody, don't just label things you don't like or agree with as "fake news", only infantile blonde narcissists do that -- I mean Boris Johnson, obviously ;-)

    4 Not allowed!
     

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •