Jump to content

Tiny Chip To Infiltrate U.s. Companies

Started by Davegt27, Oct 05 2018 01:22 AM

9 replies to this topic

#1 Davegt27

    Member

  • PipPipPipPipPipPipPipPipPipPip
  • Ace Of Spades
  • Ace Of Spades
  • 6,970 posts
  • LocationCO

Posted 05 October 2018 - 01:22 AM

Quote

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design








https://www.bloomber...s-top-companies

Edited by Davegt27, 05 October 2018 - 01:27 AM.

#2 LordNothing

    Member

  • PipPipPipPipPipPipPipPipPipPipPipPip
  • Ace Of Spades
  • Ace Of Spades
  • 16,780 posts

Posted 11 October 2018 - 07:18 AM

some of the parts i source for my electronics hobby are of questionable origin. i cant imagine a real manufacturer being any different. and its not beyond the capabilities of governments and other entities to have an asic made to pretend to be another common part while at the same time having its own nefarious bits built in. then you slip them into the supply chain where they end up in consumer products. hell look at the intel management engine, that is almost the same as the thing i just described.

#3 Anjian

    Member

  • PipPipPipPipPipPipPipPipPip
  • FP Veteran - Beta 2
  • FP Veteran - Beta 2
  • 3,735 posts

Posted 20 October 2018 - 05:58 PM

Both Homeland Security and the UK's cyberwarfare department has denied this, as well as both Apple and Amazon. Bloomberg is left with a big egg on its face on this one.

#4 LordNothing

    Member

  • PipPipPipPipPipPipPipPipPipPipPipPip
  • Ace Of Spades
  • Ace Of Spades
  • 16,780 posts

Posted 21 October 2018 - 03:33 AM

just because a security agency denies something does not mean that it is false.

frankly its a gaping security hole. if it has not already been exploited it will be at some point in the future. its also a damn good reason to step up domestic manufacture of electronic bits.

#5 Anjian

    Member

  • PipPipPipPipPipPipPipPipPip
  • FP Veteran - Beta 2
  • FP Veteran - Beta 2
  • 3,735 posts

Posted 21 October 2018 - 08:41 PM

View PostLordNothing, on 21 October 2018 - 03:33 AM, said:

just because a security agency denies something does not mean that it is false.

frankly its a gaping security hole. if it has not already been exploited it will be at some point in the future. its also a damn good reason to step up domestic manufacture of electronic bits.


Its both the US and the UK, and that's two national security agencies.

Why should Bloomberg know any better? Especially from 'anonymous sources'.

https://www.wearethe...=1#rebelltitem1

Edited by Anjian, 21 October 2018 - 08:47 PM.

#6 LordNothing

    Member

  • PipPipPipPipPipPipPipPipPipPipPipPip
  • Ace Of Spades
  • Ace Of Spades
  • 16,780 posts

Posted 21 October 2018 - 11:58 PM

i dont know much about sources, but i do know about electronics. and i know that its totally possible to take a micro controller the size of a grain of rice (those exist) and stick it on top of one of the control buses and use it to intercept commands and data or to inject commands into the system. a damn fine way to bootstrap an incursion. now tamper with supply chains and call it a noise filter, stick out an impressive data sheet and every circuit designer will want to have it in their board design. of course it either does nothing or fakes whatever its supposed to do in software.

i should also point out that china usually goes out of their way to cut the bom down as far as they can. quickly eliminating any component the system can work without. so when they start putting things in it kind of concerns me.

Edited by LordNothing, 22 October 2018 - 12:08 AM.

#7 Anjian

    Member

  • PipPipPipPipPipPipPipPipPip
  • FP Veteran - Beta 2
  • FP Veteran - Beta 2
  • 3,735 posts

Posted 23 October 2018 - 01:25 AM

Not only do I know something about electronics, but I also know something about operating system design. I am going to ask you, really? How do you intend to get foreign commands to be sent into the tiny microcontrollers, which requires breaking into the kernel mode of the operating system.

If you need a backdoor to access a backdoor, what's the point of having a hardware backdoor?

I am pretty sure the cyberagencies of both the US and the UK, along with Apple and Amazon, know both their hardware and operating systems.

Edited by Anjian, 23 October 2018 - 01:25 AM.

#8 LordNothing

    Member

  • PipPipPipPipPipPipPipPipPipPipPipPip
  • Ace Of Spades
  • Ace Of Spades
  • 16,780 posts

Posted 23 October 2018 - 03:56 AM

ever consider that they might all be in cahoots? i wouldnt doubt that the intel management engine was designed by the nsa. security starts at the hardware and if thats not secure and/or full of backdoors then you cannot build a secure system. while kernal mode is secure from userland it certainly is not secure from the hardware or device drivers. its designed on the assumption that the hardware is secure.

Edited by LordNothing, 23 October 2018 - 04:07 AM.

#9 Anjian

    Member

  • PipPipPipPipPipPipPipPipPip
  • FP Veteran - Beta 2
  • FP Veteran - Beta 2
  • 3,735 posts

Posted 30 October 2018 - 09:15 PM

View PostLordNothing, on 23 October 2018 - 03:56 AM, said:

ever consider that they might all be in cahoots? i wouldnt doubt that the intel management engine was designed by the nsa. security starts at the hardware and if thats not secure and/or full of backdoors then you cannot build a secure system. while kernal mode is secure from userland it certainly is not secure from the hardware or device drivers. its designed on the assumption that the hardware is secure.



"If its a conspiracy theory, I have to be right."

#10 LordNothing

    Member

  • PipPipPipPipPipPipPipPipPipPipPipPip
  • Ace Of Spades
  • Ace Of Spades
  • 16,780 posts

Posted 30 October 2018 - 10:26 PM

just because you're paranoid doesn't mean they aren't out to get you.
Back to Off Topic Discussions · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users