You are currently viewing SemiWiki as a guest which gives you limited access to the site. To view blog comments and experience other SemiWiki features you must be a registered member. Registration is fast, simple, and absolutely free so please, join our community today!




Results 1 to 12 of 12

Thread: Computer Virus Cripples IPhone Chipmaker TSMC Plants

  1. #1
    Admin Daniel Nenni's Avatar
    Join Date
    Aug 2010
    Location
    Silicon Valley
    Posts
    4,509
    Thumbs Up
    Received: 970
    Given: 2,455

    Computer Virus Cripples IPhone Chipmaker TSMC Plants

    Interesting but not surprising now that semiconductors have become the lifeblood of modern life. I'm sure we will hear more soon but I would be interested in other experiences with viruses and semiconductor manufacturing. Anyone? The equipment manufacturers should be shaking in their profit boots, absolutely. My guess would be China or Korea, they have the most to gain? Maybe a disgruntled worker? Stupid headline by the way.

    Computer Virus Cripples IPhone Chipmaker TSMC Plants

    “TSMC has been attacked by viruses before, but this is the first time a virus attack has affected our production lines,” Chief Financial Officer Lora Ho told Bloomberg News by phone. She wouldn’t talk about how much revenue it would lose as a result of the disruption, or whether the facilities affected were involved in making iPhone chips. “Certain factories returned to normal in a short period of time, and we expect the others will return to normal in one day,” the company said in its Saturday statement.



    0 Not allowed!
    Last edited by Daniel Nenni; 08-04-2018 at 12:14 PM.
    Now available in print or Kindle: "Mobile Unleashed: The Origin and Evolution of ARM Processors In Our Devices"

  2. #2
    Influencer
    Join Date
    Jan 2012
    Location
    San Jose, California, US
    Posts
    68
    Thumbs Up
    Received: 41
    Given: 0
    The first thing that comes to mind is Stuxnet:

    Stuxnet - Wikipedia

    0 Not allowed!
     

  3. #3
    Blogger Daniel Payne's Avatar
    Join Date
    Sep 2010
    Location
    Tualatin, OR
    Posts
    3,244
    Thumbs Up
    Received: 381
    Given: 450
    Odd, if it wasn't a hacker then how about an employee or a contractor with an infected Laptop, Tablet or even Smart Phone connected to the network?

    0 Not allowed!
    Daniel Payne, EDA Consultant
    www.MarketingEDA.com
    503.806.1662

  4. #4
    Member
    Join Date
    Feb 2015
    Posts
    1
    Thumbs Up
    Received: 0
    Given: 0
    Internal IT incompetence is likely. Considering my experience with their website (I have never been inside), I can envision even trivial viruses or cryptoware taking over very easily.

    0 Not allowed!
     

  5. #5
    Admin Daniel Nenni's Avatar
    Join Date
    Aug 2010
    Location
    Silicon Valley
    Posts
    4,509
    Thumbs Up
    Received: 970
    Given: 2,455
    TSMC Details Impact of Computer Virus Incident
    Issued by: TSMC
    Issued on: 2018/08/05

    Hsinchu, Taiwan, R.O.C., Aug 5, 2018 –
    TSMC today provided an update on the Company’s computer virus outbreak on the evening of August 3, which affected a number of computer systems and fab tools in Taiwan. The degree of infection varied by fab. TSMC contained the problem and found a solution. As of 14:00 Taiwan time, about 80% of the company’s impacted tools have been recovered, and the Company expects full recovery on August 6.

    TSMC expects this incident to cause shipment delays and additional costs. We estimate the impact to third quarter revenue to be about three percent, and impact to gross margin to be about one percentage point. The Company is confident shipments delayed in third quarter will be recovered in the fourth quarter 2018, and maintains its forecast of high single-digit revenue growth for 2018 in U.S. dollars given on July 19, 2018.

    Most of TSMC’s customers have been notified of this event, and the Company is working closely with customers on their wafer delivery schedule. The details will be communicated with each customer individually over the next few days.

    This virus outbreak occurred due to misoperation during the software installation process for a new tool, which caused a virus to spread once the tool was connected to the Company’s computer network. Data integrity and confidential information was not compromised. TSMC has taken actions to close this security gap and further strengthen security measures.

    1 Not allowed!
    Now available in print or Kindle: "Mobile Unleashed: The Origin and Evolution of ARM Processors In Our Devices"

  6. #6
    Top Influencer
    Join Date
    Jul 2014
    Posts
    112
    Thumbs Up
    Received: 51
    Given: 24
    Securing the supply chain is essential. You can see a cloud approach to this with the Cerberus work on OCP, but the same kind of diligence has to be much more widespread. Also look at Sphere - only implemented in one SOC at the moment, but an in-depth and portable approach.

    0 Not allowed!
     

  7. #7
    Expert
    Join Date
    Apr 2013
    Location
    East SF Bay Area
    Posts
    1,513
    Thumbs Up
    Received: 438
    Given: 406
    The real question is who is behind this attack, what is its true purpose and goal and how it will be handled. With the political power and resources of TSM and its key customers, TSM will get to the bottom of this. They will find their target and I would not want to be in their place.

    0 Not allowed!
     

  8. #8
    Expert
    Join Date
    Apr 2013
    Location
    East SF Bay Area
    Posts
    1,513
    Thumbs Up
    Received: 438
    Given: 406

    Reasons for TSM Attack

    It will come out who is behind the cyber attack on TSM or if it is just a random virus, which I doubt. If it is found to be a random attack, its someone that is so far in over their head, they will be getting a lesson in real power that they don't have a clue about. If it is a deliberate targeted attack the company or nation state that launched it has opened up a mess for themselves and all around them. We are just seeing the very first chapter of this play out. There is also the possibility of a confidential deal being reached, but the price of this would be staggeringly high to the point their might not be a way to keep it confidential in the long term.
    How ever this plays out, TSM and their partners will be far tougher and more dangerous target in the future. If it is a nation state behind it and they are exposed, the repercussions will be staggering. I hope something very positive comes out of this where all come together for their mutual benefit and a better future. We are entering a whole new world and let's all try to make it better than the one we are leaving behind, wisdom, intelligence required and careful thought required. This should be a learning experience for a better future.

    Comments, thoughts, ideas and solutions solicited and wanted

    0 Not allowed!
    Last edited by Arthur Hanson; 08-06-2018 at 10:28 AM.
     

  9. #9
    Admin Daniel Nenni's Avatar
    Join Date
    Aug 2010
    Location
    Silicon Valley
    Posts
    4,509
    Thumbs Up
    Received: 970
    Given: 2,455
    I like how analysts and the media are running away with this:

    Mark Li, an analyst at Sanford C. Bernstein, said he thinks all of TSMC’s 12-inch wafer fabrication plants had been infected and that many customers had been affected, though the impact will be “very limited” because the company can make up for the losses during the busiest holiday quarter. TSMC makes Apple chips in its 12-inch fabrication plants.

    He thinks? What an irresponsible thing to say. I'm guessing he recommended his clients short TSMC before saying this.

    “Long-term, TSMC’s trustworthy image is somewhat tainted but it is hard to quantify the effect now,” Li wrote in a research note Monday

    Complete and utter nonsense!

    No hacker targeted TSMC, CC Wei said, explaining that the infected production tool was provided by an unidentified vendor. The company is overhauling its procedures after encountering a virus more complex than initially thought, he said. “We are surprised and shocked,” Wei told reporters. “We have installed tens of thousands of tools before, and this is the first time this happened.”

    That "unidentified" vendor will pay dearly for this, absolutely.

    1 Not allowed!
    Now available in print or Kindle: "Mobile Unleashed: The Origin and Evolution of ARM Processors In Our Devices"

  10. #10
    Top Influencer
    Join Date
    Jul 2014
    Posts
    112
    Thumbs Up
    Received: 51
    Given: 24
    I work for a company that is attacked constantly and has to invest heavily in defense. I am sure TSMC is also a high value target. The real surprise here is how easily the attack spread. But also, that could not be a sophisticated attacker, they would not have tipped their hand. So one concludes they were vulnerable to the spread of something amateur.

    Now what should have happened is that anything amateur could not escape the tool it infected when the tool was installed. If that did not happen, then what must already be infecting them from serious hackers who probably see the entry as child's play? This event is disturbing.

    0 Not allowed!
     

  11. #11
    Expert
    Join Date
    Apr 2013
    Location
    East SF Bay Area
    Posts
    1,513
    Thumbs Up
    Received: 438
    Given: 406
    Dan, even though it looks random, it may not be. This is more a strategic question than a technical one. This could be a multi prong attack where several devices are carrying the needed attack code and the attacker hopes one will get through. I have been around many extremely brilliant strategist and it's literally a field to itself. As outsiders we will probably never know all the details and TSM shouldn't release them for this just gives the attacker more data to work with on any target. Strategist are a breed unto themselves, that I have studied for years. The very best are the ones you don't know about and never will. They can be on both sides, good and bad or even agnostic. Some of the very best have developed on their own without outside training and one of my friends that is a technologist and was a professional paid white hat found some that are utterly brilliant and know how to not only think outside the box, but don't even have a concept of what a box is. They are so far out there, others don't even have a concept. I'm sure TSM is smart enough to get to the true bottom of this, but will probably have to go outside to find it. I hope they do, they are one of my large positions. An ounce of strategy can easily be stronger than a ton of brain power, they are different animals entirely and I do know. I find them amazing.

    I figured out how to penetrate one of the highest security installations on the planet and went head to head with two of their very top people and given legal orders binding me to confidentiality and I just had field tech experience at the time.

    0 Not allowed!
    Last edited by Arthur Hanson; 08-07-2018 at 09:31 AM.
     

  12. #12
    Member
    Join Date
    Aug 2018
    Posts
    1
    Thumbs Up
    Received: 1
    Given: 0
    Given that the virus is claimed to be wanna cry; the most likely issue was this:
    The tool vendor configured the tool control computer in their internal network which was fire walled, but bridged to the outside network. Their master copy of the OS was infected; but since it could see the killswitch server (see wikipedia page on wannacry) it was inactive and not detected.
    Once the tool was moved to TSMC and installed in their air-gapped network, the virus could no longer see the killswitch server and became active again.

    1 Not allowed!
     

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •