Supermicro Spy Chips

Discussion in 'Business & Enterprise Computing' started by Agg, Oct 9, 2018.

  1. connico

    connico Member

    Joined:
    Jan 30, 2004
    Messages:
    3,332
    Location:
    Sydney
    I worked for a vendor which deployed EFTPOS machines which came from the factory compromised. The only way we could tell which machines were compromised was to use a Magellan scale and weight each machine....

    These threats are real but are rare... They require heafy engineering to accomplish...
     
  2. flain

    flain Member

    Joined:
    Oct 5, 2005
    Messages:
    2,207
    Location:
    Sydney
    Most supermicro server boards have a IPMI in them (IP based KVM), it's one of the reasons why i wanted a supermicro board for my home file server - so i could run it headless many many years ago. The IPMI has access to all keyboard, video, mouse etc but is a seperate linux machine on a chip - could this be the security hole? It has had security issues in the past that needed patching. Also while a lot of boards have a seperate physical IPMI network port, in many boards the IPMI port shares the same physical port (just running on a different IP address). It wouldn't be too hard for someone who wrote the IPMI software to look at screen, keyboard and hijack/sniff the NIC they are already using.
     
    Last edited: Oct 10, 2018
  3. qwertylesh

    qwertylesh Member

    Joined:
    Aug 21, 2007
    Messages:
    8,484
    I saw the bloomberg piece about 2 days ago, crazy shit hey.

    From the article it seems that blade compute books were the target hardware, do we know if this affects any eatx variants? Ie x7 x8 x9 x10 rack unit servers

    Nvm read thread replies, so its just blades afterall
     
  4. DarkYendor

    DarkYendor Member

    Joined:
    Feb 25, 2008
    Messages:
    3,194
    Location:
    Perth
  5. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    11,772
    Location:
    Canberra
    security is like an onion - many layers.

    if your security relies on the assumption any one device is foolproof, you're the fool.

    In the past yes, a router/switch would be a good place the infiltrate, these days however, just about everything is encrypted on the wire (in gov/corp land, not in home so much), so a router having access to encrypted data is not very useful - at most it's a capture point for the hopefully futile exercise of trying to brute force the encryption offline.
     
  6. Matthew kane

    Matthew kane Member

    Joined:
    Jan 27, 2014
    Messages:
    1,943
    Location:
    Melbourne
    Any pictures of the chip? If none, I call bullshit.
     
  7. Unframed

    Unframed Member

    Joined:
    Mar 30, 2010
    Messages:
    8,962
    Location:
    Hella south west
  8. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    12,929
    What proof would a picture provide?
     
  9. Unframed

    Unframed Member

    Joined:
    Mar 30, 2010
    Messages:
    8,962
    Location:
    Hella south west
    Well if it was a picture of a Chinese employee with his government employee card in front of him putting in the chip I'd consider it decent proof.
     
  10. Doc-of-FC

    Doc-of-FC Member

    Joined:
    Aug 30, 2001
    Messages:
    3,278
    Location:
    Canberra
    If the chip is inline to the BMC you've got a lot of options.

    For example, if a system level driver (which they usually are) is open to exploitation e.g. lack of bounds checking or string length validation on the BMC data feed (because the BMC is designed to send data in a fixed format) or a usually lax, undocumented 'developer / debug' functionality then it's reasonable to assume the chip could be used for signals analysis and re-writing.

    Passing machine executable code to the processor, from the BMC or partnering driver, which is already ring 1, possibly ring 0, isn't unimaginable and a very soft target, activating passive devices has been known about for well over 50 years, for example The_Thing. it wouldn't be hard to create a monopole antenna on a motherboard, the thing is already full of traces ;)

    Supermicro / Asus usually ship ASpeed ILO controllers, although without more specifics from Bloomberg it's really quite difficult to point to a particular hypothetical vector.
     
    Matthew kane likes this.
  11. millsy_c

    millsy_c Member

    Joined:
    Mar 31, 2007
    Messages:
    12,553
    Location:
    Brisbane
    Unframed likes this.
  12. l_ QuadX_l

    l_ QuadX_l Member

    Joined:
    Jan 11, 2016
    Messages:
    132
    Location:
    -27.463203, 153.040804
    Last edited: Oct 10, 2018
  13. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    12,929
    Because you can tell what a SOIC does if you have a close up picture of it?
     
    GumbyNoTalent likes this.
  14. l_ QuadX_l

    l_ QuadX_l Member

    Joined:
    Jan 11, 2016
    Messages:
    132
    Location:
    -27.463203, 153.040804
    I didn't mention functions.. just no closeup shots available in that article.
     
  15. Smegger

    Smegger Member

    Joined:
    Jul 24, 2001
    Messages:
    2,723
    Location:
    Adelaide, with joy.
    I know very little about circuit board design or the complexities of the electronics employed. I'l leave that to better people than me.
    I am however curious, so a couple of quick and dirty screen grabs to have a look was in order.
    Now remember, the claim is that this rice sized chip has networking capability, onboard memory and processor...as well as being remotely programmable. Very impressive this new(?) nano computer!
    All with what seems to be a single trace.
    Or, is there a chip on the back of the board and the magic rice piggy backs on this side?

    Ideas? Opinions? Abuse?



    2.jpg 1.jpg
     
  16. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    6,692
    Location:
    Briz Vegas
    yes they make IC's with processors and memory that small but usually just industrial controllers with 4 memory registers that are useless without a proper controller attached. Just Google arduino and the likes for how small we currently have this tech, anything sophisticated would have to integrate with the rest of the motherboard to be usable.

    I'm highly skeptical of the China bashing, if they have the fabrication techniques to make usable silicon that small why waste the opportunity to dominate the market?

    https://www.anandtech.com/show/13445/tsmc-first-7nm-euv-chips-taped-out-5nm-risk-in-q2

    Would make this breakthrough look ho hum.
     
  17. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    57,124
    Location:
    brisbane
    because china know that everyone will just copy it.
     
    cvidler and GumbyNoTalent like this.
  18. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    6,692
    Location:
    Briz Vegas
    And not respect their copyright or patents! ;)
     
    Unframed, power and cvidler like this.
  19. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    57,124
    Location:
    brisbane
    so more money in spying for chinese govt!
     
  20. pH@tTm@N

    pH@tTm@N Member

    Joined:
    Jun 27, 2001
    Messages:
    1,985
    Location:
    BRISBANE
    yeah I'm a bit suspect on the claims. If the chip is that small, you would put it under a socket, or another larger component like the SATA socket right next to it, and nobody would find it unless they started removing soldered in stuff.

    I know it isn't that easy because traces etc, but it would have required a massive amount trace work to start with.
     

Share This Page