Why spend 2 paragraphs talking about how DRAM chips cannot be intercepted because of large number of lines only to get to the point later and say "BMC chips are more probable"?
This is obvious. This article is annoying to read.
It wasn’t obvious to me. I’m glad they took the time to explain that. I never thought that RAM pins were multiplexed. I never thought about RAM pins at all.
It seems weird because the Bloomberg article says they were connected to the BMC:
> The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers
The discussion of DRAM only really seems necessary if that _isn't_ plausible.
Just give me the option to totally disable this functionality. I understand why farms need it, but I should be able to turn it off. That and Intel AMT.
>Saying there is a vulnerability in a BMC is like saying the sun is hot.
This was my thought upon hearing the story when it broke this morning. There has to either be more to it, or I suppose..less. I did wonder if it was some sort of false flag op designed to make people in the US fearful about Chinese Hacking. Based on the people I've spoken to, inside the industry today, it has succeeded.
We’re seeing a lot of anti Chinese and anti Russian news. I have a tendency to believe them but at the same time there’s of course never going to be reported in the US what we are doing.
> there’s of course never going to be reported in the US what we are doing
That doesn't square with all the reports on US domestic and international spying, much of it in the NY Times, not to mention The Intercept and others. How do you think we know about it? Not from Chinese and Russian newspapers.
> We’re seeing a lot of anti Chinese and anti Russian news
Hmmm ... maybe we're seeing a lot of Chinese and Russian activity. If you look at coverage of the current US President, you might notice a lot of 'anti-US' news also. Under the prior administration, there was a lot of that on Fox News and in the Wall Street Journal.
Patrick Kennedy missed the point of the Bloomberg article, there. Bloomberg pointed out that the qualitative difference is that this is not an exploit of some existing BMC firmware vulnerability. It is the sly introduction of subverted hardware at the point of manufacture and the corruption of the supply chain. It's not the BMC that is the locus of the vulnerability, but the supply chain itself. People had hypothesized this over the years. The Bloomberg report points out that it is a threat model that people seemed unwilling to pay attention to for economic and political reasons. That report, if true, is tantamount to "Yes, you were right about the threat; and this is not a hypothetical any more. China actually did it some years ago.".
> Bloomberg says it is in line with memory to CPUs to intercept some password validation code
I think that's a misreading of their article. They were not claiming that's what was actually done, they just provided that as an example of what a HW attacker could do. Later on I remember them saying that the malicious part was connected to the BMC, not the main CPU. If there's a serious USB vuln in the BMC, then four wires could be enough to compromise it and gain God Mode over the early x86 SW environment.
I thought the article was implying the attack involves the BMC's capability to supply (or change) a boot image. However I'm not sure how that would be able to defeat boot image signing and storage encryption.
It's possible that some servers hang the BIOS flash off the BMC, or (more likely) at least have some way for the BMC to write to it - if not by design, then through a HW vuln further up the stack.
And I believe that once you control the BIOS image you control the boot chain of trust.
Getting them to take your money in exchange for that utility turns out to be hard. I seem to recall figuring out a way to work around the lack of it, but details have been paved out. I think it involved building the OS-based BIOS flashing tool from source.
You can flash the BIOS from BMC on some SuperMicro motherboards. But wait..you can flash the bios from the OS on many machines so why is this a new more dangerous attack vector? Because SM can sign their own BIOS image?
As a matter of routine, nobody with a clue would ever allow public Internet connectivity to the BMC NIC. They would also never allow the "bridge" mode where the BMC NIC gets logically connected to one of the primary NICs (useful if you want to spin up a box with only one drop cable in the lab). I wondered if perhaps the attack involved subverting the air gap between the BMC NIC and a primary NIC. Perhaps a reason to use https://en.wikipedia.org/wiki/IEEE_802.1X
In the other threads it has been mentioned that this hypothetical attack could run similarly to the US/Xerox op in the Cold War. The Xerox machines recorded data which was collected by a Xerox technician during regular maintenance. A board with a trojan chip on it could potentially record data to be collected during an RMA. No need for network transmission.
Heck, you can find millions of pages of highly confidential documentation in any Xerox copier junkyard--it's all standardly copied to their internal disks, which are never cleaned on junking.
This caused a small stink a while back but I doubt if anything's changed.
The article did mention something around the lines of "the compromised machines could talk to other compromised machines on a network" so I guess the idea is to find a compromised machine close enough to an edge network to reach a C&C server?
> If the FBI, or other intelligence officials, had reason to believe Supermicro hardware was compromised, then we would expect it would have taken less than a few years for this procurement to stop.
From the perspective of someone who merely reads what experts write, that isn't true at all. If you have information on your enemy's operations and they are unaware, you have the information advantage and you don't give it up. You use it to monitor them, trace their activities: For example, where does the connection go? And where does the information go from there? Plant malware in whatever is sent back in order to trace who accesses it and maybe give you a backdoor, or if you can't do that plant false information and see where it turns up. Also, who is physically planting the PCB? Mine them, their activities, and social network for more intel.
Also undermine your enemy with false information and by shutting them down not now, reactively, but at the worst possible time for them - when the crisis hits in the South China Sea or Taiwan, pull the plug on their intel or start feeding it false info. And in the meantime, avoid giving them anything too valuable.
On one hand, undoubtedly I have massive blinds spots in my knowledge and the details are probably somehow wrong. On the other, I'm somewhat confident that many times, an intelligence agency would not reveal what they know and would do the kinds of things I'm discussing.
Disappointed that there was not any actual technical substance to this article aside from the pictures of the boards. I was excited for a moment, hoping they'd get further until the details, but it ended up in some opinionated rant about how the SEC should get involved.
Thanks for this investigation. I was trying to think of what an actor in a position to insert such chips at a manufacturing level would actually want. You've got some tough limitations - you want a security hole that you can exploit on highly firewalled, monitored, and locked-down servers running a variety of software types. But it also needs to be hard to detect and exploit without knowing some sort of secret. If anyone notices you using the exploit, you're screwed. If any security researcher or black-hat hacker finds it too, you're also screwed. It'd have to be pretty good to avoid that, since those guys are probably fuzzing servers all the time. You'd have to be very careful how you used it - if anybody traces a known data breach to this, then you're screwed too.
Presuming you can get control of the BMC and transmit arbitrary network traffic, you'd have to limit it somehow. At least some of the compromised servers would be installed in places where any unexpected outgoing network traffic would be noticed and investigated. Large amounts of detectable traffic could be generated too if these things are all pinging away at something. You'd have to trigger it somehow I suppose. But what kind of trigger can you set up on a server running an unknown OS in unknown configuration that may be behind lots of firewalls? Are we sending some kind of weird magic packet to the server? If I was Google or something, I'd have dumb filtering firewalls set up in front of my servers that drop anything that doesn't look like normal network traffic, just to keep any random person from fuzzing the server and triggering some weird unknown bug.
I like servethehome.com as a good place to learn about people running servers in their home (thus the name), but that wasn't the greatest article. Look into their forums for more interesting technical discussion.
I still don't get why they need to make a custom chip and embed it in the PCB just to subvert a chip (BMC) that they also supply (or can at least change the firmware for)??
29 comments
[ 4.9 ms ] story [ 69.4 ms ] threadThis is obvious. This article is annoying to read.
> The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers
The discussion of DRAM only really seems necessary if that _isn't_ plausible.
This was my thought upon hearing the story when it broke this morning. There has to either be more to it, or I suppose..less. I did wonder if it was some sort of false flag op designed to make people in the US fearful about Chinese Hacking. Based on the people I've spoken to, inside the industry today, it has succeeded.
That doesn't square with all the reports on US domestic and international spying, much of it in the NY Times, not to mention The Intercept and others. How do you think we know about it? Not from Chinese and Russian newspapers.
> We’re seeing a lot of anti Chinese and anti Russian news
Hmmm ... maybe we're seeing a lot of Chinese and Russian activity. If you look at coverage of the current US President, you might notice a lot of 'anti-US' news also. Under the prior administration, there was a lot of that on Fox News and in the Wall Street Journal.
I think that's a misreading of their article. They were not claiming that's what was actually done, they just provided that as an example of what a HW attacker could do. Later on I remember them saying that the malicious part was connected to the BMC, not the main CPU. If there's a serious USB vuln in the BMC, then four wires could be enough to compromise it and gain God Mode over the early x86 SW environment.
And I believe that once you control the BIOS image you control the boot chain of trust.
Also - I found it funny that the "horrific exploit" was just piggybacking on a mgmt engine vuln...
This caused a small stink a while back but I doubt if anything's changed.
From the perspective of someone who merely reads what experts write, that isn't true at all. If you have information on your enemy's operations and they are unaware, you have the information advantage and you don't give it up. You use it to monitor them, trace their activities: For example, where does the connection go? And where does the information go from there? Plant malware in whatever is sent back in order to trace who accesses it and maybe give you a backdoor, or if you can't do that plant false information and see where it turns up. Also, who is physically planting the PCB? Mine them, their activities, and social network for more intel.
Also undermine your enemy with false information and by shutting them down not now, reactively, but at the worst possible time for them - when the crisis hits in the South China Sea or Taiwan, pull the plug on their intel or start feeding it false info. And in the meantime, avoid giving them anything too valuable.
On one hand, undoubtedly I have massive blinds spots in my knowledge and the details are probably somehow wrong. On the other, I'm somewhat confident that many times, an intelligence agency would not reveal what they know and would do the kinds of things I'm discussing.
Presuming you can get control of the BMC and transmit arbitrary network traffic, you'd have to limit it somehow. At least some of the compromised servers would be installed in places where any unexpected outgoing network traffic would be noticed and investigated. Large amounts of detectable traffic could be generated too if these things are all pinging away at something. You'd have to trigger it somehow I suppose. But what kind of trigger can you set up on a server running an unknown OS in unknown configuration that may be behind lots of firewalls? Are we sending some kind of weird magic packet to the server? If I was Google or something, I'd have dumb filtering firewalls set up in front of my servers that drop anything that doesn't look like normal network traffic, just to keep any random person from fuzzing the server and triggering some weird unknown bug.