Chinese backdoors on Supermicro

Discussion in 'Processors and Motherboards' started by sloop, Oct 4, 2018.

  1. kapone

    kapone Active Member

    Something else to think about...In 2008, AMD sold off their fabrication/foundry to a Middle Eastern consortium, to be known as GlobalFoundries. They do not manufacture their chips in-house anymore.

    And the big dog, TSMC, does the fabrication for a lot of companies in Taiwan. Intel is the only one with an in-house foundry at this time.

    Think how bad it would be if the supposedly authentic chips themselves were compromised. You can't spot the changes, you can't x-ray them, you can't...nothin.
     
    #21
  2. sean

    sean Member

    Intel already had issues with the RDRAND instructions.
     
    #22
  3. T_Minus

    T_Minus Moderator

    Do we know yet if this affected all SM motherboards or only blade?
     
    #23
  4. Rand__

    Rand__ Well-Known Member

    Question is whether it was a targeted attack on these 30 something companies or applied broadscale...
    I assume it would be notable if hundreds of thousands of mainboards would contact relatively few c&c servers even with very low amounts of traffic...
     
    #24
  5. lunadesign

    lunadesign Member

    Considering it was supposedly done way down in the supply chain, would the subcons at that point even know which customers each batch were destined for? Maybe for custom orders, I guess...
     
    #25
  6. Davewolfs

    Davewolfs Active Member

    You should assume that all hardware from any hardware manufacturer could be infected.

    This country doesn't manufacture any electronics here; it's all overseas.
     
    #26
  7. nva

    nva New Member

    I'm always paranoid about security/privacy and this news is really freaking me out. I know NSA probably got everything about my digital life, but I just don't want China being able to spy on me too.

    Where are AsrockRack/Gigabyte server boards manufactured? I'm seriously looking for alternatives.
     
    #27
  8. mmo

    mmo Active Member

    SM, AsRock and Gigabyte are all TW companies. Almost all the major MB are manufactured in either TW or China, I believe.
     
    #28
  9. Stephan

    Stephan IT Professional

    Wow, really bad day for Supermicro and the server industry.

    Do NOT buy the stock long or short, the longs will be catching a falling knife, the shorts will get squeezed hard if this is a hoax that Bloomberg fell for once the stock recovers. I wonder though if some people learned the news early and shorted the stock, maybe some Chinese PLA officers? ;-)

    Assuming the reporting is correct, my money is on an interception chip for the IPMI-SoC (Aspeed 2400/2500) <-> serial boot flash chip connection traces. The interception chip will do a search & replace on the data while the SoC is busy retrieving its firmware from the flash chip, also correcting any checksums to let the Aspeed continue booting. When up, rogue code will try to ping some outside machines via UDP or maybe a sneaky DNS tunnel, waiting for instructions.

    One instruction could be the download of more code for execution on the SoC. From there, a stronger foothold can be established on the SoC and through lateral movement within the management network of the unsuspecting operator. Since the Aspeed can flash the BIOS, trojanized UEFI modules could be used to subvert any OS running on the hardware. Which is truly a nation-state endeavour.

    If you weren't sure why HPE introduced "silicon root of trust" in 2017 with iLO 5, now you can be. I think they heard the news early. Their SoC will only execute cryptographically signed code from its boot flash and the only way to subvert that would be either to break a presumably large public key (very unlikely), or subvert the iLO SoC silicon to accept any code. If the chip is diffused in USA, I would call it game over. Unless the "sufficiently bored party" goes ahead and clones the entire iLO chip with fake crypto verification and has that put onto server boards instead.

    I am not sure what the fallout will be. Maybe higher prices for servers because manufacturing will move out of China, with chip diffusion happening for security reasons in Europe or USA pretty much out of Chinese reach, and assembly of stuff happening in Mexico to take advantage of low wages.

    Just my 2 euro cents.
     
    #29
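
Added example (not part of the thread or any poster's code): post #29 speculates that a compromised BMC would contact outside machines over UDP or a DNS tunnel, and post #24 expects such traffic to be noticeable. One way to check management-network flow records for it; the subnets, record layout and thresholds are assumptions, and the sample records are constructed.

```python
import ipaddress
import math
from collections import Counter

# Assumed layout (hypothetical): BMCs sit in 10.20.0.0/24 and may only talk
# to that subnet plus one syslog host. Adjust to the real management network.
BMC_NET = ipaddress.ip_network("10.20.0.0/24")
ALLOWED_DSTS = [ipaddress.ip_network("10.20.0.0/24"),
                ipaddress.ip_network("10.30.0.5/32")]

# Constructed sample records: (src_ip, dst_ip, proto, dst_port, dns_qname)
FLOWS = [
    ("10.20.0.11", "10.30.0.5", "udp", 514, None),
    ("10.20.0.11", "10.20.0.1", "udp", 53, "ntp.mgmt.example.internal"),
    ("10.20.0.12", "203.0.113.7", "udp", 40000, None),
    ("10.20.0.13", "10.20.0.1", "udp", 53,
     "q7f3k9x2m1b8v5z0c4n6a2s8d1.t.example.net"),
    ("10.40.1.9", "203.0.113.7", "tcp", 443, None),  # not a BMC, ignored
]

def label_entropy(label):
    """Shannon entropy in bits per character of one DNS label."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def suspicious_qname(qname, min_len=20, min_entropy=3.5):
    """Long, high-entropy labels are typical of data encoded into DNS names."""
    return any(len(lbl) >= min_len and label_entropy(lbl) >= min_entropy
               for lbl in qname.split("."))

def review_flows(flows):
    """Return (bmc_ip, finding, detail) for BMC-sourced flows worth a look."""
    findings = []
    for src, dst, proto, port, qname in flows:
        if ipaddress.ip_address(src) not in BMC_NET:
            continue  # only management controllers are in scope here
        dst_ip = ipaddress.ip_address(dst)
        if not any(dst_ip in net for net in ALLOWED_DSTS):
            findings.append((src, "egress-outside-allowlist",
                             f"{dst}:{proto}/{port}"))
        if qname and suspicious_qname(qname):
            findings.append((src, "dns-tunnel-like-query", qname))
    return findings

if __name__ == "__main__":
    for finding in review_flows(FLOWS):
        print(finding)
```

The DNS check matters even when direct egress is blocked, because queries relayed by an allowed internal resolver still leave the network.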
  10. Patrick

    Patrick Administrator
    Staff Member

    #30
  11. Samir

    Samir Active Member

    It will be important to know all the facts of this once they are revealed, but hopefully this is a wake up call to not let people who don't have your best interests at heart manufacture the hardware that holds all your interest. This is the Information Age, and like all ages before it, the person/state/etc that owns the commodity of the age will control the age. The battle is clearly on.

    And I think it is time to address the reality that we need electronic nation-state borders that function like our physical borders. If traffic from unfriendlies could not be exchanged, it would mitigate a good chunk of this problem.
     
    #31
  12. Stephan

    Stephan IT Professional

    To add to my thoughts two more:

    1) Amazon says they never found anything and while absence of proof is no proof of absence, it may very well be. Reasoning: Key to such operations is staying under the radar in order not to burn your assets. What if China manufactured not thousands but only a dozen of those modified boards and injected them into servers they suspected were for a certain customer? Claims of "security audits" by Amazon are laughable because who has the time and expertise to find such a tiny chip in a cloud of thousands of servers and with multiple revisions of boards, moving hundreds of components around on the PCB each time? And even worse, if later versions of those trojanized boards had this little chip within the PCB itself, with power and ground layers obscuring view?

    2) The infiltration chip could self-destruct after some time (causing willfully a hardware defect), getting the server ejected from production and replaced. "We did not find anything" - yes, because everyone looked too late and also in the wrong place. The chip could go inactive after a while, passing everything unmodified when told so or after some time, once persistence is established elsewhere. Or when realizing after a while that the server is airgapped or its controlling server has been unreachable for days/weeks.
     
    #32
    Last edited: Oct 4, 2018
  13. GallagherStore

    GallagherStore New Member

    I don't know much about ICs, I suspect I'm not alone. I do know there are different kinds of ICs.

    In the example posted by Bloomberg news, how many instructions could be stored on such an IC? Is there enough space on one IC pictured in Bloomberg's article to create security issues? How easy is it to make one - does it have to be customised for different boards etc that SuperMicro make?
     
    #33
  14. Samir

    Samir Active Member

    Integrated circuits like the tiny one shown in the Bloomberg report have to be designed and manufactured like any other small IC, especially en masse. This to me isn't the big problem--the big problem is that the Supermicro MBs were designed to accept them. You can't just 'tap into' the circuitry of something as complicated as a motherboard--there was a deliberate design going on that allowed for these chips to be added 'later on'.

    This is the heart of the problem--you have a US company that has effectively manufactured and sold equipment to make and shake the present foundation of the country. How do you fix this? And how do you prevent it in the future?
     
    #34
  15. Rand__

    Rand__ Well-Known Member

    Now that's quite a heavy accusation here. Why are you sure it would not be possible to do this without SM helping them? Imagine you had access to schematics and everything?
     
    #35
  16. Rand__

    Rand__ Well-Known Member

    Was not the idea to load additional code from a remote box?
     
    #36
  17. ATS

    ATS Member

    Pretty easy to do a cut/snip to an I2C interface to insert a chip.
     
    #37
  18. Samir

    Samir Active Member

    If you had access to schematics and everything and had the know-how, sure. But for SM to not know about it for so long or ignore it--that's the part where I think they had some sort of backhanded hand in it. I mean, the founder knows that part of the world and how this type of corruption is rampant--not putting safeguards in place that would prevent harm to his customers is negligent.
     
    #38
  19. Samir

    Samir Active Member

    Possibly, but you'd still have to re-design traces and such. And someone did that somewhere.
     
    #39
  20. Dawg10

    Dawg10 Associate
