Bloomberg Reports China Infiltrated the Supermicro Supply Chain We Investigate

  • Thread starter Patrick Kennedy

Rand__

Re BMC or not: it's stated in the Bloomberg article that that was the vector?

"The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off."
 

wildpig1234

I only just recently got two X9SRA boards... should I get rid of them and go back to the Chinese Runing X79Z? :)
 

kapone

This does not bode well for Supermicro :(
It's not just Supermicro. Where do you think other ODMs, e.g. Quanta, Inventec etc., manufacture their stuff?? And somebody like Quanta is in almost every data center, classified or not.

If Supermicro was in fact compromised, as far as their supply chain goes, it is almost a certainty that there are others.
 

Robert Fontaine

From my perspective it means that there could be a lot of cheap Supermicro motherboards coming onto fleabay. But I would be sad to lose Supermicro; they make some of my favourite unobtanium.

It is an odd leak. Hopefully we can get some technical details if actually true. What no one mentions is that the US is the leader in these kinds of games and has been stopping hardware in transit and bugging it for many years. It would not be a shock for the US to have compromised hardware boards either. All the countries seem to be bugging the international signals and most seem to be bugging their citizens (oh we don't really look at it so it's ok except when we do). The whole darn thing is Orwellian. With everyone rushing to put their data on (OPS) Other People's Servers / The cloud, being able to bug the data centres is kind of a last mile operation. If I was an employee of the anti-christ I would definitely be doing this kind of thing too. :) </rant>
 

wildpig1234

Well, I can't imagine only the Chinese are doing it. I am sure the U.S. and Russia are also doing some hacking of their own... the obvious difference though is that China supplies most of the world's MBs, so that's a perfect way for them to do that... it's not as easy for the US and Russia to do this...

This only makes the news because China got caught red-handed and Bloomberg got hold of a story source... I guess the US hasn't been caught red-handed yet... or maybe they're just good at keeping stories of being caught from leaking... lol...

I am not too impressed so far with my Supermicro experience. The things I look for, like S3 sleep and stability in Win10 1803, are lacking in many of their X9 products... I don't plan to experiment with their X10 or X11 since I don't have much money for the latest stuff and DDR4 right now anyway...
 

Evan

Savage effect on stocks, but for sure, regardless of if it happened like that, the idea has been around a long while. In the industry I am sure everybody has heard about those IBM servers heading out from USA that were tampered with; that was a while back and less sophisticated.

I am sure Dell and HPE didn't start doing their silicon root of trust just by chance; they had to have seen the potential, if not even experienced it happening to them also.
 

Rain

Clearly this is bad if it can be proven, but what pisses me off is not only did Bloomberg go public with the story, later they also published articles about how Supermicro's stock tanked throughout the day as well. No shit, Bloomberg! It's because you published this story!

Swinging more than once is distasteful in my opinion. Bloomberg had the market headline, they should have let the other (equally greedy...) news outlets do the Supermicro market analysis yesterday.

Edit: That, and they have been sitting on this information for months and only release it right after Supermicro celebrates its 25th Anniversary?
 

cesmith9999

Malware <> hardware infiltration

I can get rid of malware without a forklift.

Chris
 

Aluminum

Sometimes it's a blend; malware could potentially become a hardware problem in practice, especially with embedded firmware things like BMCs, where some designs can have their normal update mechanism disabled. Then you can end up with a case where sometimes it's cheaper (man hours, downtime, experts etc.) to forklift them out and put in replacements than to get the rack lift, pop the tops and custom flash production gear one-by-one.

Regardless, what we REALLY need are the real technical meat & details behind this allegation; so far it's just a bunch of "journalism" crap no one can put to any use.