How China Used a Tiny Stealth Chip to Infiltrate 30 U.S. Companies Plus An Unknown Number of Government Agencies
For several years factories in China have been secretly placing tiny chips in common server hardware sold by Super Micro and used by many companies and some government agencies.
The chips are smaller than a grain of rice and are disguised as common innocuous chips. Some are so small that they can be embedded between PCB layers and are only detectable via x-rays.
Their purpose is to block security measures at the CPU level and to phone home to anonymous servers that a backdoor is available.
The chips on Elemental servers were designed to be as inconspicuous as possible, according to one person who saw a detailed report prepared for Amazon by its third-party security contractor, as well as a second person who saw digital photos and X-ray images of the chips incorporated into a later report prepared by Amazon's security team.
Gray or off-white in color, they looked more like signal conditioning couplers, another common motherboard component, than microchips, and so they were unlikely to be detectable without specialized equipment.
Since the implants were small, the amount of code they contained was small as well. But they were capable of doing two very important things: telling the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code; and preparing the device's operating system to accept this new code.
The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off.
2 comments:
Manufactured and supplied by Apple no doubt. Probably free of charge.
The damn Chi-coms.
Post a Comment