Questions from experts on 'Embedding spy chips on server motherboard', while new information from Bloomberg

by Chris Nguyen

"A chip to steal data during the manufacturing process was installed on the Supermicro server motherboard used by Apple and Amazon (AWS), " Bloomberg reported on October 4, 2018 local time. Bloomberg reports new information that there is a case that embedding is done also in the connector for Ethernet connection, although skeptical opinion is also given from the security experts and the like to the article .

Risky Business Feature: Named source in "The Big Hack" has doubts about the story - Risky Business
https://risky.biz/RB517_feature/

Bloomberg source told them spy chip story "did not make sense" - 9to 5Mac
https://9to5mac.com/2018/10/09/bloomberg/

Security researcher cited in Bloomberg's China spy chip investigation casts doubt on story's veracity
https://appleinsider.com/articles/18/10/08/security-researcher-cited-in-bloombergs-china-spy-chip-investigation-casts-doubt-on-storys-veracity

A security expert, Joe Fitzpatrick , commented on an article reporting "The Big Hack" that chips were packed in Supermicro hardware, said that "Risky Business In the podcast of "I showed skeptical views on the article.

According to Mr. Fitzpatrick, as mentioned in the article, "Although the technique itself as hardware implant itself can be satisfactory", evidence will remain in the form of a chip in actually "spying" There is no need to intervene in the manufacturing process in any way, it is more certain that the person who attacked from the software side is more reliable. Also, even if a hardware implant is done, I heard that I have never seen a case where I put backdoor on the server.

Likewise, Robert M. Lee, security expert, criticized that Bloomberg's reporter dealing with this issue has insufficient technical knowledge and so far no reliable evidence has been shown is.

I have nothing to add on the super micro story but here's my experience with the journalists (1 / x) Thread: the same Bloomberg journalists that covered the same Bloomberg journalists That covered the super story have covered technical stories that I've been involved in calling out before.

- Robert M. Lee (@ Robert MLee) October 9, 2018

But in that, Bloomberg says that "new evidence that Supermicro's hardware was hacked was found at US telecom," he said.

New Evidence of Hacked Supermicro Hardware Found in US Telecom - Bloomberg
https://www.bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-us-telecom

This article is based on information from Mr. Yossi Appleboum of security company · Sepio Systems. According to the information, the embedding of a "malicious chip" was made by a manufacturer to a Supermicro motherboard upon request from a Chinese intelligence agency. In August 2018, US Telecom discovered the chip and removed it, "Supermicro is one of the victims and other vendors of equipment manufactured in China also have similar That is being done. "

Although there was no direct reply from the Ministry of Foreign Affairs of China by Supermicro, there was a comment saying "It is a common matter of concern and that China is also a victim".