[BLOOMBERG] The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies - Page 3 - Overclock.net - An Overclocking Community


[BLOOMBERG] The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

post #21 of 57 (permalink) Old 10-05-2018, 12:12 AM
Retired Moderation
 
 
Join Date: Dec 2010
Location: United States
Posts: 10,660
Rep: 313 (Unique: 253)
And they wonder why the US doesn't accept Huawei with open arms.


Arizonian is offline  
 
post #22 of 57 (permalink) Old 10-05-2018, 04:13 AM
Performance is the bible
 
Join Date: Apr 2009
Posts: 6,779
Rep: 437 (Unique: 301)
Quote: Originally Posted by AlphaC View Post
https://thenextweb.com/apple/2018/10...ese-spy-chips/
^ Apple denied this story
Amazon's denial

China is "winning" economically anyway. Everyone that prioritizes cost over quality produces stuff there.


* Food
* Clothing + Footwear
* Household items
* Hardware
* Electronics, such as phones / laptops / motherboards / TVs
* Toys
That is part of what the current government in the US is trying to undo.
Not that successfully atm though.


Defoler is offline  
post #23 of 57 (permalink) Old 10-05-2018, 08:27 AM
Tank destroyer and a god
 
 
Join Date: Dec 2012
Posts: 2,305
Rep: 86 (Unique: 67)
When a company I work for started to sell way too many virtual machines and way too few physical servers, I became concerned about security. When Spectre/Meltdown came out, it was clear that one single compromised virtual machine can scan the whole cluster.

I don't think there was any need to "insert a chip into motherboard" by the Chinese, however the bigger image... A chip like described in the article sounds like a fiction to me...

In any case, even when I am really not comfortable with the course of virtualization and cloud computing (it cannot be safe), it looks to me like an attempt to cause financial trouble for AWS.

Offler is offline  
 
post #24 of 57 (permalink) Old 10-05-2018, 10:42 AM
New to Overclock.net
 
 
Join Date: Sep 2012
Posts: 3,844
Rep: 106 (Unique: 86)
Quote: Originally Posted by spinFX View Post
Regular joes don't get hacked in this way.
You know this for a fact?

diggiddi is offline  
post #25 of 57 (permalink) Old 10-05-2018, 12:52 PM
New to Overclock.net
 
 
Join Date: Feb 2013
Location: Phoenix, AZ
Posts: 1,892
Rep: 142 (Unique: 101)
Wait a minute. Did Supermicro just not do any technical oversight on the parts they were getting from China? I work in IT, and one of my major clients is a defense contractor. They carefully inspect EVERY part they get before assembly. It sounds like Supermicro just wasn't doing its f'ing job to me.

azanimefan is offline  
post #26 of 57 (permalink) Old 10-05-2018, 08:31 PM
Iconoclast
 
 
Join Date: Feb 2008
Posts: 30,086
Rep: 3135 (Unique: 1869)
Hardware should be open source and subject to frequent audits at every stage of development and production...for peace of mind, if nothing else.

The very fact that this story is plausible enough to print in mainstream news is a strong indicator that there are major problems with transparency and accountability when it comes to hardware design, manufacturing, assembly, and QA.

Quote: Originally Posted by bucdan View Post
So, who here still wants their tech built in China so they can save some money, and at what cost? The cyber security of your own nation.
I'd like to think I don't have anything to hide, but the way laws and their enforcement work often makes them vague and subjective instruments that can often be applied to anything that is currently out of favor or weapons that can be wielded by anyone with a grudge. So, if I had to choose I'd rather have someone whose jurisdiction I'm not in stealing my data.

Quote: Originally Posted by bucdan View Post
The current White House tariffs are sounding better and better with this news.
Levelling an extra tax on something that, if it's real and does what's described, should rightly be banned outright, doesn't sound particularly helpful. Extra taxes on imports that have nothing wrong with them most certainly aren't.

Quote: Originally Posted by Arizonian View Post
And they wonder why the US doesn't accept Huawei with open arms.
Huawei products would hardly be more vulnerable to this sort of thing than anything else manufactured in China or with Chinese made components...which is the overwhelming majority of tech.

Quote: Originally Posted by Offler View Post
I don't think there was any need to "insert a chip into motherboard" by the Chinese, however the bigger image... A chip like described in the article sounds like a fiction to me...
While I'm not versed on the details enough to say for sure the article is accurate or not, there would be plenty of use for a chip with the functionality described, and there is nothing implausible about that functionality either. It's technically feasible to put that sort of hardware on something small enough to pass for a surface mount resistor/capacitor.

Blameless is offline  
post #27 of 57 (permalink) Old 10-06-2018, 12:02 AM
Old to Overclock.net
 
Join Date: Jan 2008
Posts: 2,060
Rep: 119 (Unique: 103)
China isn't the first at this, this stuff is a two way street that's been going for a while.

NSA has been known to intercept physical shipments of Cisco/Juniper networks hardware going out of country to plant hardware backdoors in it. The physical hardware base band of cellphones nowadays is littered with backdoors from Qualcomm and the likes, this is how the NSA/FBI IMSI catchers fake cell towers can upload malware to target phones and bypass any OS level restrictions. Hardware level backdoors are the way forward for all the intelligence agencies nowadays, it's the only way they can fight the strong software/encryption being used by many now.



xJumper is offline  
post #28 of 57 (permalink) Old 10-06-2018, 06:22 AM
New to Overclock.net
 
 
Join Date: Jun 2015
Posts: 439
Rep: 39 (Unique: 29)
Quote:
Security experts have warned for years that the hardware supply chain is at risk, especially considering that China has a monopoly on parts and manufacturing. Up until now, though, we haven’t seen a widespread attack on US companies, as Bloomberg claims to have found. There’s no real way to prevent a hardware attack like this, sources tell The Verge, unless the tech industry wants to drastically rethink how it gets its components and brings products to market.
Quote:
In some ways, the attacks borrow techniques from jailbreaking, breaking the chain of trust between the hardware and the software instead of attacking the software itself. George Hotz, the legendary jailbreaker-turned-self-driving-entrepreneur, was skeptical of the Bloomberg story, but said a successful supply-chain attack would still be nearly impossible to mitigate with conventional security tools. “If you cannot trust your hardware, you cannot trust anything that the hardware checks,” Hotz says. “Fundamentally, there is no way to check for this in software.”
https://www.theverge.com/2018/10/4/1...-apple-servers

From a consumer standpoint I guess the main question would be how much do these hardware exploits cost and how well can they be disguised and go undetected within the global market?

Beyond a widespread attack on U.S. companies I am imagining a hardware exploit in smartphones sold to nearly every nation that may or may not be capable of detecting this would certainly be beneficial to the nation that holds the monopoly within the global supply chain. Especially when that nation has stated they plan to be the leader in AI by 2030.

Quote:
“AI is run on data as fuel and China has so much more data than any other country,” Lee says. “While the mobile user numbers are maybe three X difference, the mobile payment numbers are more like 50 times more than the US. This huge amount of data can be cranked through the AI engine for better predictions, better efficiency, higher profits, less labour, less cost and so on. The data advantage is a huge one.”
https://www.wired.co.uk/article/why-...r-ai-dominance

Now imagine how much more data China would have access to across the global markets if these hardware exploits were to be found one day in smartphones across every nation.
New green is offline  
post #29 of 57 (permalink) Old 10-07-2018, 02:34 PM
New to Overclock.net
 
 
Join Date: Oct 2009
Posts: 3,649
Rep: 100 (Unique: 78)
Quote: Originally Posted by xJumper View Post
China isn't the first at this, this stuff is a two way street that's been going for a while.

NSA has been known to intercept physical shipments of Cisco/Juniper networks hardware going out of country to plant hardware backdoors in it. The physical hardware base band of cellphones nowadays is littered with backdoors from Qualcomm and the likes, this is how the NSA/FBI IMSI catchers fake cell towers can upload malware to target phones and bypass any OS level restrictions. Hardware level backdoors are the way forward for all the intelligence agencies nowadays, it's the only way they can fight the strong software/encryption being used by many now.
Funny how it is accepted that NSA does it but not when another country is involved.

Don't do unto others what you don't want done unto you

akromatic is offline  
post #30 of 57 (permalink) Old 10-07-2018, 02:55 PM
Tank destroyer and a god
 
 
Join Date: Dec 2012
Posts: 2,305
Rep: 86 (Unique: 67)
Quote: Originally Posted by Blameless View Post
While I'm not versed on the details enough to say for sure the article is accurate or not, there would be plenty of use for a chip with the functionality described, and there is nothing implausible about that functionality either. It's technically feasible to put that sort of hardware on something small enough to pass for a surface mount resistor/capacitor.
Well the article claimed that there was a chip of size let's say 1x2 millimeters between CPU and RAM. If it's a server board, you can place it on lane where data for ECC chip are passing by...

But the chip itself would be too small to store the data in itself, so it had to send it somewhere. But it's almost impossible to do it from that spot. I am not saying "it's not working because I can't figure it out", that would be a fallacy. I see it as quite unlikely, not entirely impossible.

I can imagine other hardware solutions for spying, but even then... placing it in a factory... workers at factory know where the server will be deployed and installed? No. Even when you put the bug on every mainboard, you would not know which is which.


Last edited by Offler; 10-08-2018 at 06:33 AM.
Offler is offline  