It's nice to see TSMC's internal security teams are detecting these things, but it would be more surprising news if this kind of IP theft wasn't happening to be honest...
Right before I left Samsung Austin Semiconductor (Samsung’s fab in the U.S.), in 2019, they were phasing out local share drives in favor of a self-hosted cloud that Samsung created. The supposed reason was better security, though it’s unclear to me why they couldn’t globally apply whatever rules they wanted to enforce to all office locations, instead of forcing everyone to use a remote endpoint. The throughput was absolutely terrible, like < 1 MBps. My department had some large files, so that was fun.
One such file was an Excel file that was more script than anything else. We had to have labels in a specific format on every machine we owned in the fab, which was something like 250 of them. The normal stuff like its id number, and also which points of contact for a technician and engineer, as well as their photos and phone numbers. Manually balancing and re-balancing every time a shift gained or lost an employee would’ve been obnoxious, so naturally instead countless hours were spent coercing VBA and ODBC to query a DB containing employee info, extracting and resizing their headshot, applying all of this to a template label, queuing a print job, and repeating. It was pretty fun to watch, honestly. I think I also had created a floor plan map somehow, and it would do its best to group a given technician’s assigned machines such that they minimized distance traveled during inspections. Anyway, the large file size was due to it caching the headshots (might have made a hidden tab for each? I don’t remember) for better performance, as that had proven to be a bottleneck.
> it’s unclear to me why they couldn’t globally apply whatever rules they wanted to enforce to all office locations, instead of forcing everyone to use a remote endpoint
My guess is that they're worried that you'll download data and then copy it out of the device while the device is offline. An employee could even "lose" the device, giving an attacker unbound time to extract data from it.
Another equally likely explanation is that the exec in charge of their cloud services gains more prestige due to his solution being universally adopted internally, or some other crap along this line.
A common and innovative solution to this problem now, that I have seen in other fabs (not semis, but other industries), is to put QR codes on each machine. That way the info behind it can be dynamic and maintained
This is a pathology of megacorps who don't continually reinvest in process and support infrastructure and instead abuse backoffice desktop software inefficiently. In 20/20 retrospect, it should've been converted from Excel to a proper app as soon as it became a bottleneck.
Grandpa worked heat treat at the alegany national forge, where they made stuff like the beams for the empire state building, periscope tubes, and the 16" guns for the biggest battle ships, each thing had to be tempered in a very specific way, and to deal with spying and espionage, the charts and instuments used on the shop floor were all deliberatly wrong,and the written instructions were also wrong leaving the person in charge to know how to convert the given instructions into
what was actualy done through a secret method, not complicated, but essentialy impossible to reverse engineer.
There is a story of soviet engineers who somehow were invited to tour the RR jet turbine factory, and were given shoes that had extra sticky soles they wore only for the tour, which ewere then used to anyalise the metal chips that get picked up from the shop floor.....
never ends, expected.....even honored
Could someone help contextualize what parts of this manufacturing process are considered the most important and closely guarded trade secrets? I'd love to hear some slightly more concrete examples.
How easily could another company replicate this process if they knew all the key details? It was my understanding that access to photolithography machines was one of the major obstacles in replicating chip manufacturing processes.
Serious props to TSMC for having the processes in place to catch this or figure it out, sacking the alleged bastards, announcing the insider breach publicly (and accepting the consequences of a moment of corporate vulnerability, but at the same time showing their transparency and commitment to protecting client IP), and further not allowing mere job loss to be the end of the story. I had no particular opinion about TSMC, but my respect for them has moved up a notch now.
My probably-racist sounding comment or nationalistic is my concern for software being owned by a certain entity and then this group is going to be used for the foundation of AI with our military, it will be interesting to see how that turns out.
edit: in this case someone pointed out it's a different nation so I'm surprised
They said [1] in article but put iPhone 18 chip process just for clickbait… Disappointed.
[1] No details have been shared on the nature of the information obtained. It is likely that it relates to the 2nm process in general rather than anything specific to Apple’s A20 chip.
Hard to feel bad for Apple when a lot of this is about locking customers out of their own devices and then cheaping out with contract manufacturing. I almost want to cheer on the employees doing this.
27 comments
[ 3.3 ms ] story [ 49.2 ms ] threadSo strange
[1] https://en.wikipedia.org/wiki/Capacitor_plague
People are questioning whether the technology was leaked to Rapidus through Japanese equipment suppliers.
Link: https://asia.nikkei.com/business/technology/tsmc-fires-worke...
Archive: https://archive.ph/ta1kq
One such file was an Excel file that was more script than anything else. We had to have labels in a specific format on every machine we owned in the fab, which was something like 250 of them. The normal stuff like its id number, and also which points of contact for a technician and engineer, as well as their photos and phone numbers. Manually balancing and re-balancing every time a shift gained or lost an employee would’ve been obnoxious, so naturally instead countless hours were spent coercing VBA and ODBC to query a DB containing employee info, extracting and resizing their headshot, applying all of this to a template label, queuing a print job, and repeating. It was pretty fun to watch, honestly. I think I also had created a floor plan map somehow, and it would do its best to group a given technician’s assigned machines such that they minimized distance traveled during inspections. Anyway, the large file size was due to it caching the headshots (might have made a hidden tab for each? I don’t remember) for better performance, as that had proven to be a bottleneck.
My guess is that they're worried that you'll download data and then copy it out of the device while the device is offline. An employee could even "lose" the device, giving an attacker unbound time to extract data from it.
Another equally likely explanation is that the exec in charge of their cloud services gains more prestige due to his solution being universally adopted internally, or some other crap along this line.
Converting costs money. Unless there is a good reason, nobody will do it.
How easily could another company replicate this process if they knew all the key details? It was my understanding that access to photolithography machines was one of the major obstacles in replicating chip manufacturing processes.
edit: in this case someone pointed out it's a different nation so I'm surprised
[1] No details have been shared on the nature of the information obtained. It is likely that it relates to the 2nm process in general rather than anything specific to Apple’s A20 chip.
Not that I think you can just plug in a thumb drive and download as you please, but just a sense of scale on how much data describes the design.
https://www.freethink.com/the-changing-world-order/chinese-i...