A little over a year ago, Bloomberg stunned the world with a report that claimed that Chinese intelligence services had figured out how to put undetectable, rice-grain-sized hardware implants into servers headed for the biggest US cloud and enterprise companies, and that when some of the victims discovered this fact, they quietly ripped out whole data-centers and replaced all their servers.
The story was all the more infamous because it prompted rare, detailed denials from the companies involved, like Apple, who have historically dealt with bad news and leaks with parsimonious, closed-lipped denials. Then came the hardware experts and security experts who delved deep into the implausibility of Bloomberg’s story, though some highly reputable experts did admit that supply chain attacks were a grossly underrated risk with potentially catastrophic outcomes.
A year later, we still don’t know what happened: how did all those nameless senior officials and ex-officials from big IT/tech companies end up telling Bloomberg the same story, especially if that story turns out to be false? The idea that a bunch of rival tech execs would cook up a conspiracy to defraud Bloomberg is, if anything, even weirder and more implausible than the idea that Chinese spooks were poisoning Supermicro’s servers and raiding data from Big Tech’s supposedly impregnable data-vaults.
That kind of Kremlinology is hard to investigate: all the facts are held by secretive giants (and maybe Chinese spies). Barring leaks, we’re just left proffering unfalsifiable theories about which conspiracy took place.
On the other hand, the plausibility of a hardware implant is much easier to investigate. Security researchers have been building proof-of-concept hardware implants for enterprise hardware and presenting them at security conferences. Late last year, Trammell Hudson presented a Supermicro implant at Germany’s Chaos Communication Congress, revealing a spot on Supermicro’s board where you could swap out a tiny resistor and replace it with an FPGA that could compromise the remote administration capabilities of the baseboard management controller.
Now, Foxguard’s Monta Elkins is about to present further work at the CS3sthlm conference in Stockholm, demonstrating a hardware implant on an enterprise Cisco firewall, using a 5mm ATtiny85 controller he removed from a $2 Digispark Arduino board. The implant fits neatly — and very inconspicuously — on the mainboard of a Cisco ASA 5505 firewall. Moreover, Elkins says he deliberately made choices that could compromise the implant, for the sake of easy presentation: if he’d hidden the chip inside a radio-shielding can, it would have been even harder to detect — likewise, he could have used an even smaller controller, but it would have been harder to program.
Elkins’s implant uses the board’s serial port to recover the firewall’s password, log in as its admin, and open a pathway for a hacker’s intrusion to the network. And as both Elkins and Hudson have pointed out, this is with stock hardware: a custom chip designed for this kind of thing would be much smaller and more powerful.
Neither researcher claims to have validated Bloomberg’s article, but both have demonstrated that supply chain attacks are certainly possible and potentially catastrophic.
Elkins and Hudson both emphasize that their work isn’t meant to validate Bloomberg’s tale of widespread hardware supply chain attacks with tiny chips planted in devices. They don’t even argue that it’s likely to be a common attack in the wild; both researchers point out that traditional software attacks can often give hackers just as much access, albeit not necessarily with the same stealth.
But both Elkins and Hudson argue that hardware-based espionage via supply-chain hijacking is nonetheless a technical reality, and one that may be easier to accomplish than many of the world’s security administrators realize. “What I want people to recognize is that chipping implants are not imaginary. They’re relatively straightforward,” says Elkins. “If I can do this, someone with hundreds of millions in their budget has been doing this for a while.”
Planting Tiny Spy Chips in Hardware Can Cost as Little as $200 [Andy Greenberg/Wired]
(Image: Monta Elkins)