Welcome to European Tribune. It's gone a bit quiet around here these days, but it's still going.
Some technical analysis:

Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know - and who is telling the truth? - The Register

So which is true: did the Chinese government succeed in infiltrating the hardware supply chain and install spy chips in highly sensitive US systems; or did Bloomberg's journalists go too far in their assertions? We'll dig in.

And two days ago:

Forgotten that Chinese spy chip story? We haven't - it's still wrong, Super Micro tells SEC - The Regidter

As far as El Reg is concerned, while Bloomberg is generally a gold standard in journalism, there are numerous problems with the original piece. For one thing, it would be near impossible to exfiltrate data from a bugged machine in a data center as Apple and Amazon, at least, have sophisticated monitoring tools that should catch unexpected network traffic. Similarly, they should be able to detect unauthorized changes to operating systems and applications, caused by the alleged spy chips injecting backdoor code into the software stack during boot.

They also inspect hardware before it is put into production: as well as visual inspections, it is possible to scan a motherboard for electromagnetic emissions and identify anything unexpected, such as a tiny chip smuggled onto or inside a PCB - there's even a patent on this kind of technology. Finally, the chip shown in the Bloomberg piece is too small to realistically contain the necessary logic and all the data to insert a viable backdoor into a software stack. It is likely just an illustration - meaning, the journalists had no evidence of a chip to show.

by Bernard (bernard) on Wed Oct 24th, 2018 at 07:12:49 PM EST
[ Parent ]
It just smells wrong. Among other things, if you're the Chinese government you can just alter the chips supplied and sub your version in, you don't need to start doing complicated shit with adding components. It sounds like a report of a theoretical hack, though it occurs to me that there may be elements in US government who would do something like this as part of their trade war with China and as an attack on companies publicly  opposed to their bullshit.
by Colman (colman at eurotrib.com) on Thu Oct 25th, 2018 at 09:26:06 AM EST
[ Parent ]