Chinese backdoors on Supermicro

sloop

New Member
Mar 18, 2013
19
1
3
I saw this really interesting article about Chinese backdoor chips implanted on some Supermicro motherboards:

[Bloomberg article link]

If anyone comes across technical details for how this worked, what to look for, that would be neat to see and discuss.
 

WeatherDave

New Member
May 4, 2017
7
1
3
46
Thank you for posting this... Beat me by a few minutes. =D

Enormous implications. We had planned on buying some SuperMicro servers for a new Cluster, but I'll tell you, that's come to a dead stop after reading this article. Not sure where we will turn.
 

marcoi

Well-Known Member
Apr 6, 2013
1,403
224
63
Gotha Florida
That's huge. I just my 4 node SM server will be worth less now. Wondering how I can check if it has the compromise? Any ideas?
 

Patrick

Administrator
Staff member
Dec 21, 2010
11,971
4,932
113
Pulled some Microblade nodes this morning and will post some high-resolution photos soon.

Also read [Bloomberg link] - where Apple, Amazon, Supermicro, and China say this is an IPMI/BMC hack.

The bigger question is what are we looking for if it is not related to the BMC. If it is just a BMC hack, as the statements suggest, then this is akin to iDRACula and every other BMC hack out there.

The big question I have is: how is it getting access to modify the OS to be able to phone home if it is not the BMC?
 

T_Minus

Build. Break. Fix. Repeat
Feb 15, 2015
7,046
1,583
113
CA
I wonder how many 2nd-hand infected servers everyone has purchased on ebay :eek:

This is going to get interesting.

I wonder if this affects IBM/Softlayer too :eek: and all SM systems from a certain date range?
 

GallagherStore

New Member
Sep 8, 2018
4
0
1
In both hemispheres
Seems to be escalating nicely, now on CNBC: Chinese spy chips are found in hardware used by Apple, Amazon, Bloomberg says; Apple, AWS say no way

I brought quite a few Supermicros for my employers over the years and we have quite a fierce Chinese competition in our industry. However, they are not blades, but it wouldn't be a big jump to the pizza boxes. And where would it stop, could other hardware manufacturers be affected?

As for the how, the only vague detail mentioned: Somewhere in the Linux operating system, which runs in many servers, is code that authorizes a user by verifying a typed password against a stored encrypted one. An implanted chip can alter part of that code so the server won’t check for a password—and presto! A secure machine is open to any and all users. A chip can also steal encryption keys for secure communications, block security updates that would neutralize the attack, and open up new pathways to the internet
 

WeatherDave

marcoi said:
> That's huge. I just my 4 node SM server will be worth less now. Wondering how I can check if it has the compromise? Any ideas?

I'm not sure you can. The Bloomberg article states that the newer version of this hardware hacking is using chips that are embedded in the Fiberglass of the Motherboard. I assume that means you can't even visually see them without X-Raying them.

Ugly, ugly.
 

marcoi

WeatherDave said:
> I'm not sure you can. The Bloomberg article states that the newer version of this hardware hacking is using chips that are embedded in the Fiberglass of the Motherboard. I assume that means you can't even visually see them without X-Raying them.
>
> Ugly, ugly.

Idk even if that wasn't the case if we could see them. At least with naked eye. I just looked at my SM node and it's impossible to know what to look for. There are hundreds of chips and resistors on the MB.
 

Davewolfs

Active Member
Aug 6, 2015
337
31
28
This is pretty bad. Perhaps the biggest hack ever. Yet it’s not even being reported yet.
 

marcoi

[Attached image: upload_2018-10-4_11-14-0.png]

What are the chances they make a recovery here? With the stock dropping so low I'm wondering if it's worth picking up some stock and see if it rises again.
 

lunadesign

Member
Aug 7, 2013
121
9
18
So, assuming all of this is true, what's a good alternative motherboard manufacturer? Don't all of them utilize Chinese or SE Asia subcons?
 

AlphaG

Member
Jun 8, 2017
84
16
8
50
marcoi said:
> [Attachment 9455]
>
> What are the chances they make a recovery here? With the stock dropping so low I'm wondering if it's worth picking up some stock and see if it rises again.

Pretty volatile by definition. Anyone’s guess really...

There is a good chance you can lose your investment. I’m going to stay away.
 

WeatherDave

lunadesign said:
> So, assuming all of this is true, what's a good alternative motherboard manufacturer? Don't all of them utilize Chinese or SE Asia subcons?

Great question, and one I'd like to know as well. Not attempting to go full paranoid, but now that this is out in the open, who knows where they'll find this kind of stuff lurking.

Absent the mfg inspecting/testing/validating every circuited part they use against a known-good master, I'm not sure how you'd know you were getting what you ordered. Heck with chip recapping, a malicious attacker could uncap/recap a chip with extra stuff on/in it, and how would you know?
 

lunadesign

WeatherDave said:
> Great question, and one I'd like to know as well. Not attempting to go full paranoid, but now that this is out in the open, who knows where they'll find this kind of stuff lurking.
>
> Absent the mfg inspecting/testing/validating every circuited part they use against a known-good master, I'm not sure how you'd know you were getting what you ordered. Heck with chip recapping, a malicious attacker could uncap/recap a chip with extra stuff on/in it, and how would you know?

I think the only way you could catch this would be really darn good network monitoring.
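
Added example, not part of any post in this thread: the network-monitoring idea above, applied to the BMC angle raised earlier, as a check that flags BMC-subnet hosts talking to peers outside an allowlist and notes whether the connections recur on a fixed interval. The subnet, allowlist, flow-record format and sample lines are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions (not from the thread): BMC subnet and the peers BMCs may talk to.
BMC_NET = ip_network("10.20.0.0/24")
ALLOWED_PEERS = [ip_network(n) for n in ("10.20.0.0/24", "10.0.5.10/32")]

# Constructed sample flow records: "epoch src dst dport proto bytes"
SAMPLE_FLOWS = """\
1538650000 10.20.0.11 10.0.5.10 123 udp 96
1538650004 10.20.0.11 10.20.0.1 53 udp 120
1538650010 10.1.4.7 198.51.100.23 443 tcp 48213
1538650030 10.20.0.14 203.0.113.80 443 tcp 1420
1538653630 10.20.0.14 203.0.113.80 443 tcp 1388
1538657230 10.20.0.14 203.0.113.80 443 tcp 1402
malformed line here
"""

def parse_flow(line):
    """Return (ts, src, dst, dport, proto), or None if the line is unparseable."""
    p = line.split()
    if len(p) != 6:
        return None
    try:
        return int(p[0]), ip_address(p[1]), ip_address(p[2]), int(p[3]), p[4]
    except ValueError:
        return None

def unexpected_bmc_egress(text):
    """Group flows that leave the BMC subnet for a peer outside the allowlist."""
    hits = defaultdict(list)
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        ts, src, dst, dport, proto = flow
        if src in BMC_NET and not any(dst in net for net in ALLOWED_PEERS):
            hits[(str(src), str(dst), dport, proto)].append(ts)
    report = []
    for key, stamps in sorted(hits.items()):
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Near-constant gaps between connections suggest a timed check-in.
        periodic = len(gaps) >= 2 and max(gaps) - min(gaps) <= 60
        report.append({"flow": key, "count": len(stamps), "periodic": periodic})
    return report

if __name__ == "__main__":
    print(unexpected_bmc_egress(SAMPLE_FLOWS))
```

This only sees traffic that crosses a monitored link, so it assumes the BMC ports are on a segment where flows are actually collected.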