Chinese backdoors on Supermicro

kapone

Well-Known Member
May 23, 2015
796
388
63
Something else to think about... In 2008, AMD sold off their fabrication/foundry to a Middle Eastern consortium, to be known as GlobalFoundries. They do not manufacture their chips in-house anymore.

And the big dog TSMC does the fabrication for a lot of companies in Taiwan. Intel is the only one with an in-house foundry at this time.

Think how bad it would be if the supposedly authentic chips themselves were compromised. You can't spot the changes, you can't x-ray them, you can't...nothin.
 

T_Minus

Build. Break. Fix. Repeat
Feb 15, 2015
7,046
1,583
113
CA
Do we know yet if this affected all SM motherboards or only blade?
 

Rand__

Well-Known Member
Mar 6, 2014
4,592
912
113
Question is whether it was a targeted attack on these 30 something companies or applied broadscale...
I assume it would be notable if hundreds of thousands of mainboards would contact relatively few c&c servers even with very low amounts of traffic...
 

lunadesign

Member
Aug 7, 2013
121
9
18
Question is whether it was a targeted attack on these 30 something companies or applied broadscale...
I assume it would be notable if hundreds of thousands of mainboards would contact relatively few c&c servers even with very low amounts of traffic...
Considering it was supposedly done way down in the supply chain, would the subcons at that point even know which customers each batch was destined for? Maybe for custom orders, I guess...
 

Davewolfs

Active Member
Aug 6, 2015
337
31
28
Do we know yet if this affected all SM motherboards or only blade?
You should assume that all hardware from any hardware manufacturer could be infected.

This country doesn't manufacture any electronics here; it's all overseas.
 

nva

New Member
Aug 19, 2018
4
0
1
I'm always paranoid about security/privacy and this news is really freaking me out. I know NSA probably got everything about my digital life, but I just don't want China being able to spy on me too.

Where are AsrockRack/Gigabyte server boards manufactured? I'm seriously looking for alternatives.
 

mmo

Well-Known Member
Sep 17, 2016
507
267
63
40
I'm always paranoid about security/privacy and this news is really freaking me out.

Where are AsrockRack/Gigabyte server boards manufactured? I'm seriously looking for alternatives.
SM, AsRock and Gigabyte are all TW companies. Almost all the major MBs are manufactured in either TW or China, I believe.
 

Stephan

IT Professional
Apr 21, 2017
140
46
28
Bavaria, Germany
Wow, really bad day for Supermicro and the server industry.

Do NOT buy the stock long or short: the longs will be catching a falling knife, and the shorts will get squeezed hard if this is a hoax that Bloomberg fell for, once the stock recovers. I wonder though if some people learned the news early and shorted the stock, maybe some Chinese PLA officers? ;-)

Assuming the reporting is correct, my money is on an interception chip for the IPMI-SoC (Aspeed 2400/2500) <-> serial boot flash chip connection traces. The interception chip will do a search & replace on the data while the SoC is busy retrieving its firmware from the flash chip, also correcting any checksums to let the Aspeed continue booting. When up, rogue code will try to ping some outside machines via UDP or maybe a sneaky DNS tunnel, waiting for instructions.

One instruction could be the download of more code for execution on the SoC. From there, a stronger foothold can be established on the SoC and through lateral movement within the management network of the unsuspecting operator. Since the Aspeed can flash the BIOS, trojanized UEFI modules could be used to subvert any OS running on the hardware. Which is truly a nation-state endeavour.

If you weren't sure why HPE introduced "silicon root of trust" in 2017 with iLO 5, now you can be. I think they heard the news early. Their SoC will only execute cryptographically signed code from its boot flash and the only way to subvert that would be either to break a presumably large public key (very unlikely), or subvert the iLO SoC silicon to accept any code. If the chip is diffused in USA, I would call it game over. Unless the "sufficiently bored party" goes ahead and clones the entire iLO chip with fake crypto verification and has that put onto server boards instead.

I am not sure what the fallout will be. Maybe higher prices for servers because manufacturing will move out of China, with chip diffusion happening for security reasons in Europe or the USA, pretty much out of Chinese reach, and assembly of stuff happening in Mexico to take advantage of low wages.

Just my 2 euro cents.
 
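To make concrete the distinction Stephan draws between a checksum an interposer can simply recompute and a measurement anchored in silicon, here is an added Python illustration (not code from this thread, Supermicro, HPE or any vendor). It models a constructed toy firmware image guarded by a 16-bit additive checksum next to a pinned SHA-256 digest standing in for an immutable root-of-trust value; in-transit tampering keeps the checksum valid but cannot match the digest. Real signed-boot schemes verify a public-key signature rather than a pinned hash; the pinned digest here is an assumption kept to the standard library.

```python
import hashlib

# Constructed stand-in for a BMC firmware image: a body followed by a 16-bit
# additive checksum, the kind of integrity check the post says an interposer
# could recompute after altering the data on its way from flash to the SoC.
def add_checksum(body: bytes) -> bytes:
    csum = sum(body) & 0xFFFF
    return body + csum.to_bytes(2, "big")

def checksum_ok(image: bytes) -> bool:
    """Naive check: recompute the trailing additive checksum."""
    body, csum = image[:-2], int.from_bytes(image[-2:], "big")
    return (sum(body) & 0xFFFF) == csum

# Constructed "vendor" image (hypothetical; stands in for real firmware).
GOOD_IMAGE = add_checksum(bytes(range(64)))

# Root-of-trust measurement: digest of the known-good image, imagined as
# burned into immutable ROM/silicon so the boot path compares against it.
# An attacker who can rewrite bytes in transit cannot also rewrite this value.
PINNED_DIGEST = hashlib.sha256(GOOD_IMAGE).hexdigest()

def digest_ok(image: bytes) -> bool:
    """Root-of-trust check: image must hash to the pinned measurement."""
    return hashlib.sha256(image).hexdigest() == PINNED_DIGEST

def simulate_tamper(image: bytes) -> bytes:
    """Model the in-transit modification the post describes: flip bits in one
    body byte and rewrite the trailing checksum so the naive check still passes."""
    body = bytearray(image[:-2])
    body[10] ^= 0x5A
    return add_checksum(bytes(body))

def boot_decision(image: bytes) -> dict:
    """What each integrity mechanism would report for a given image."""
    return {"checksum_passes": checksum_ok(image),
            "digest_passes": digest_ok(image)}

if __name__ == "__main__":
    print("pristine :", boot_decision(GOOD_IMAGE))
    print("tampered :", boot_decision(simulate_tamper(GOOD_IMAGE)))
```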

Samir

Well-Known Member
Jul 21, 2017
1,403
423
83
45
It will be important to know all the facts of this once they are revealed, but hopefully this is a wake up call to not let people who don't have your best interests at heart manufacture the hardware that holds all your interest. This is the Information Age, and like all ages before it, the person/state/etc that owns the commodity of the age will control the age. The battle is clearly on.

And I think it is time to address the reality that we need electronic nation-state borders that function like our physical borders. If traffic from unfriendlies could not be exchanged, it would mitigate a good chunk of this problem.
 

Stephan

IT Professional
Apr 21, 2017
140
46
28
Bavaria, Germany
To add to my thoughts two more:

1) Amazon says they never found anything and while absence of proof is no proof of absence, it may very well be. Reasoning: Key to such operations is staying under the radar in order not to burn your assets. What if China manufactured not thousands but only a dozen of those modified boards and injected them into servers they suspected were for a certain customer? Claims of "security audits" by Amazon are laughable because who has the time and expertise to find such a tiny chip in a cloud of thousands of servers and with multiple revisions of boards, moving hundreds of components around on the PCB each time? And even worse, if later versions of those trojanized boards had this little chip within the PCB itself, with power and ground layers obscuring view?

2) The infiltration chip could self-destruct after some time (causing willfully a hardware defect), getting the server ejected from production and replaced. "We did not find anything" - yes, because everyone looked too late and also in the wrong place. The chip could go inactive after a while, passing everything unmodified when told so or after some time, once persistence is established elsewhere. Or when realizing after a while that the server is airgapped or its controlling server has been unreachable for days/weeks.
 

GallagherStore

New Member
Sep 8, 2018
4
0
1
In both hemispheres
I don't know much about ICs, I suspect I'm not alone. I do know there are different kinds of ICs.

In the example posted by Bloomberg news, how many instructions could be stored on such an IC? Is there enough space on the IC pictured in Bloomberg's article to create security issues? How easy is it to make one? Does it have to be customised for the different boards etc. that SuperMicro make?
 

Samir

Well-Known Member
Jul 21, 2017
1,403
423
83
45
I don't know much about ICs, I suspect I'm not alone. I do know there are different kinds of ICs.

In the example posted by Bloomberg news, how many instructions could be stored on such an IC? Is there enough space on the IC pictured in Bloomberg's article to create security issues? How easy is it to make one? Does it have to be customised for the different boards etc. that SuperMicro make?
Integrated circuits like the tiny one shown in the Bloomberg report have to be designed and manufactured like any other small IC, especially en masse. This to me isn't the big problem--the big problem is that the Supermicro MBs were designed to accept them. You can't just 'tap into' the circuitry of something as complicated as a motherboard--there was a deliberate design going on that allowed for these chips to be added 'later on'.

This is the heart of the problem--you have a US company that has effectively manufactured and sold equipment to make and shake the present foundation of the country. How do you fix this? And how do you prevent it in the future?
 

Rand__

Well-Known Member
Mar 6, 2014
4,592
912
113
Integrated circuits like the tiny one shown in the Bloomberg report have to be designed and manufactured like any other small IC, especially en masse. This to me isn't the big problem--the big problem is that the Supermicro MBs were designed to accept them. You can't just 'tap into' the circuitry of something as complicated as a motherboard--there was a deliberate design going on that allowed for these chips to be added 'later on'.
Now that's quite a heavy accusation here. Why are you sure it would not be possible to do this without SM helping them? Imagine you had access to schematics and everything?
 

Rand__

Well-Known Member
Mar 6, 2014
4,592
912
113
In the example posted by Bloomberg news, how many instructions could be stored on such an IC? Is there enough space on the IC pictured in Bloomberg's article to create security issues? How easy is it to make one? Does it have to be customised for the different boards etc. that SuperMicro make?
Was not the idea to load additional code from a remote box?
 

ATS

Member
Mar 9, 2015
96
32
18
45
Integrated circuits like the tiny one shown in the Bloomberg report have to be designed and manufactured like any other small IC, especially en masse. This to me isn't the big problem--the big problem is that the Supermicro MBs were designed to accept them. You can't just 'tap into' the circuitry of something as complicated as a motherboard--there was a deliberate design going on that allowed for these chips to be added 'later on'.
Pretty easy to do a cut/snip to an I2C interface to insert a chip.
 

Samir

Well-Known Member
Jul 21, 2017
1,403
423
83
45
Now that's quite a heavy accusation here. Why are you sure it would not be possible to do this without SM helping them? Imagine you had access to schematics and everything?
If you had access to schematics and everything and had the know-how, sure. But for SM to not know about it for so long or ignore it--that's the part where I think they had some sort of backhanded hand in it. I mean, the founder knows that part of the world and how this type of corruption is rampant--not putting safeguards in place that would prevent harm to his customers is negligent.