It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Bloomberg's report about The Big Hack
page: 14
share:
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
www.bloomberg.com...
For all those who believe that this is something extraordinary - it's not. I believe that this really happened and probably still happens but I am surprised that it just become public knowledge.
It's rather a simple thing to do. All of these chips communicate on very simple serial protocols like i2c or SPI. Anyone with basic micro controller skills can build a SPI proxy and plant a chip between a BMC and it's EEPROM.
What is the BMC?
All you do is write a daisy-chain firmware that loads first your code and then the actual firmware.
Your "hack" will be always on top and serve you first before it goes through it's "standard" procedure. You don't need to alter any PCB's or circuits. Just cut the traces between the Controller and it's memory and put it in the middle. Classic man-in-the-middle principle. The cuts can be so tiny, you don't even will see it. No passive chips needed either. Your custom "hack" chip just implements a good power module that can use the SPI bus regulated voltage to power it... and the best is that you don't have to have any special computing power in your chip because your stuff will run on top of the BMC.
So there it is. I think the article hit's an under appreciated topic that is long known in the industry but it's also over glorified where the tech involved is basic level.
www.bloomberg.com...
For all those who believe that this is something extraordinary - it's not. I believe that this really happened and probably still happens but I am surprised that it just become public knowledge.
It's rather a simple thing to do. All of these chips communicate on very simple serial protocols like i2c or SPI. Anyone with basic micro controller skills can build a SPI proxy and plant a chip between a BMC and it's EEPROM.
What is the BMC?
The baseboard management controller (BMC) is a specialized service processor that monitors the physical state of a computer, network server or other hardware device using sensors and communicating with the system administrator through an independent connection.
All you do is write a daisy-chain firmware that loads first your code and then the actual firmware.
Your "hack" will be always on top and serve you first before it goes through it's "standard" procedure. You don't need to alter any PCB's or circuits. Just cut the traces between the Controller and it's memory and put it in the middle. Classic man-in-the-middle principle. The cuts can be so tiny, you don't even will see it. No passive chips needed either. Your custom "hack" chip just implements a good power module that can use the SPI bus regulated voltage to power it... and the best is that you don't have to have any special computing power in your chip because your stuff will run on top of the BMC.
So there it is. I think the article hit's an under appreciated topic that is long known in the industry but it's also over glorified where the tech involved is basic level.
edit on 4-10-2018 by flyandi because: (no reason given)
originally posted by: OccamsRazor04
a reply to: flyandi
China is not "Most Favored Trading Partner" .. they are an enemy. They need to be treated as such immediately.
Thank God Trump was elected hey? Hillary would have Xi as her Secretary of State.
a reply to: Carcharadon
Considering the ties Democrats have with the Chinese, I believe she could go further and name him the VP.
Considering the ties Democrats have with the Chinese, I believe she could go further and name him the VP.
originally posted by: vinifalou
a reply to: Carcharadon
Considering the ties Democrats have with the Chinese, I believe she could go further and name him the VP.
Wouldn't want to get TOO obvious with it though lol.
I found this part of the article the most interesting.
So, saying publicly that an American company could not to be trusted was bad, but alerting its customers instead of the company in a way that could kill the company was not.
How can we know that there wasn't any Supermicro's competitors inside this move? Who benefited the most from this way of doing things, Supermicro's customers or Supermicro's competitors?
That left the question of whom to notify and how. U.S. officials had been warning for years that hardware made by two Chinese telecommunications giants, Huawei Corp. and ZTE Corp., was subject to Chinese government manipulation. (Both Huawei and ZTE have said no such tampering has occurred.) But a similar public alert regarding a U.S. company was out of the question. Instead, officials reached out to a small number of important Supermicro customers. One executive of a large web-hosting company says the message he took away from the exchange was clear: Supermicro’s hardware couldn’t be trusted. “That’s been the nudge to everyone—get that crap out,” the person says.
So, saying publicly that an American company could not to be trusted was bad, but alerting its customers instead of the company in a way that could kill the company was not.
How can we know that there wasn't any Supermicro's competitors inside this move? Who benefited the most from this way of doing things, Supermicro's customers or Supermicro's competitors?
what if we just shared all technology and worked together to go to mars?
originally posted by: OccamsRazor04
a reply to: fauxpas1337
So China can steal Mars like everything else?
they stole my heart with the ciggie butts they leave behind the restaurant down my street
could atleast return the favour and give them a whole #ing planet
or just share it
a reply to: flyandi
I saw a couple of other articles on this today. My favorite was in the Register.
Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?
3 pages but still a quick read.
I saw a couple of other articles on this today. My favorite was in the Register.
Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?
Who's your money on? Bloomberg's sources? Apple? Amazon? Super Micro?
3 pages but still a quick read.
new topics
-
Man Stabbed or Cardiac arrest on Westminster Bridge, London, UK
Mainstream News: 38 minutes ago -
A fix for the Trans players in sports
Social Issues and Civil Unrest: 2 hours ago -
Petition Calling for General Election at 564,016 and rising Fast
Political Issues: 5 hours ago -
Rep. Alexandria O. Cortez Says Forcing People to Use The Correct Bathroom is Dangerous.
US Political Madness: 11 hours ago
top topics
-
Petition Calling for General Election at 564,016 and rising Fast
Political Issues: 5 hours ago, 10 flags -
France gives Ukraine license to fire long-range missiles at Russia
World War Three: 16 hours ago, 9 flags -
Rep. Alexandria O. Cortez Says Forcing People to Use The Correct Bathroom is Dangerous.
US Political Madness: 11 hours ago, 7 flags -
Ok this is some BS now WTH
Rant: 14 hours ago, 5 flags -
A fix for the Trans players in sports
Social Issues and Civil Unrest: 2 hours ago, 5 flags -
Cooperation zones
World War Three: 12 hours ago, 4 flags -
Man Stabbed or Cardiac arrest on Westminster Bridge, London, UK
Mainstream News: 38 minutes ago, 0 flags
active topics
-
France gives Ukraine license to fire long-range missiles at Russia
World War Three • 28 • : Imhere -
Results of the use of the Oreshnik missile system in Dnepropetrovsk
World War Three • 185 • : bastion -
Petition Calling for General Election at 564,016 and rising Fast
Political Issues • 30 • : Cymru -
International Criminal Court Issues Arrest Warrant For Netanyahu
Mainstream News • 46 • : JJproductions -
-@TH3WH17ERABB17- -Q- ---TIME TO SHOW THE WORLD--- -Part- --44--
Dissecting Disinformation • 3367 • : Thoughtful3 -
Rep. Alexandria O. Cortez Says Forcing People to Use The Correct Bathroom is Dangerous.
US Political Madness • 28 • : WeMustCare -
Ok this is some BS now WTH
Rant • 10 • : awhispersecho -
A fix for the Trans players in sports
Social Issues and Civil Unrest • 9 • : Xtrozero -
Man Stabbed or Cardiac arrest on Westminster Bridge, London, UK
Mainstream News • 0 • : Bilbous72 -
Post A Funny (T&C Friendly) Pic Part IV: The LOL awakens!
General Chit Chat • 7820 • : underpass61
4