Pegasus: Saudi Tracking Software for Dissidents | 5 comments (5 topical, editorial, 0 hidden)

Tim Cook: Chinese Spy Story Fake News (4.00 / 2)

Apple CEO Tim Cook Is Calling For Bloomberg To Retract Its Chinese Spy Chip Story | Buzzfeed |
Apple, however, has maintained that none of this is true -- in a comment to Bloomberg, in a vociferous and detailed company statement, and in a letter to Congress signed by Apple's vice president of information security, George Stathakopoulos. Meanwhile, Bloomberg has stood steadfastly by its story and even published a follow-up account that furthered the original's claims.
The result has been an impasse between some of the world's most powerful corporations and a highly respected news organization, even in the face of questions from Congress. On Thursday evening, an indignant Cook further ratcheted up the tension in response to an inquiry from BuzzFeed News.
"There is no truth in their story about Apple," Cook told BuzzFeed News in a phone interview. "They need to do that right thing and retract it."

'Sapere aude'

by Oui (Oui) on Sat Oct 20th, 2018 at 07:37:46 PM EST

Re: Tim Cook: Chinese Spy Story Fake News (none / 1)

Some technical analysis:

Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know - and who is telling the truth? - The Register

So which is true: did the Chinese government succeed in infiltrating the hardware supply chain and install spy chips in highly sensitive US systems; or did Bloomberg's journalists go too far in their assertions? We'll dig in.

And two days ago:

Forgotten that Chinese spy chip story? We haven't - it's still wrong, Super Micro tells SEC - The Regidter

As far as El Reg is concerned, while Bloomberg is generally a gold standard in journalism, there are numerous problems with the original piece. For one thing, it would be near impossible to exfiltrate data from a bugged machine in a data center as Apple and Amazon, at least, have sophisticated monitoring tools that should catch unexpected network traffic. Similarly, they should be able to detect unauthorized changes to operating systems and applications, caused by the alleged spy chips injecting backdoor code into the software stack during boot.
They also inspect hardware before it is put into production: as well as visual inspections, it is possible to scan a motherboard for electromagnetic emissions and identify anything unexpected, such as a tiny chip smuggled onto or inside a PCB - there's even a patent on this kind of technology. Finally, the chip shown in the Bloomberg piece is too small to realistically contain the necessary logic and all the data to insert a viable backdoor into a software stack. It is likely just an illustration - meaning, the journalists had no evidence of a chip to show.

by Bernard (bernard) on Wed Oct 24th, 2018 at 07:12:49 PM EST
[ Parent ]

Re: Tim Cook: Chinese Spy Story Fake News (none / 1)

It just smells wrong. Among other things, if you're the Chinese government you can just alter the chips supplied and sub your version in, you don't need to start doing complicated shit with adding components. It sounds like a report of a theoretical hack, though it occurs to me that there may be elements in US government who would do something like this as part of their trade war with China and as an attack on companies publicly opposed to their bullshit.

by Colman (colman at eurotrib.com) on Thu Oct 25th, 2018 at 09:26:06 AM EST
[ Parent ]

Pegasus: Saudi Tracking Software for Dissidents | 5 comments (5 topical, 0 editorial, 0 hidden)