Originally Posted by EniGma1987
The Bloomberg article originally made claims of magical devices that had no basis in reality. The claims were made once that the chip was the size of the tip of a pencil, and Bloomberg's graphics show this, then it was changed to the size of a grain of rice. It supposedly has CPU cores that allow it to have processing power for the attack, memory located within the chip to store its commands and the attack information, has a whole networking section, and once powered on modifies core files of the operating system running on the server. So let's think about that for a second:
1) If you have the facts right, why do you claim the chip is one thing and then change it later on?
2) How do you fit a CPU core in the size of only a couple hundred transistors? That's assuming of course it was built on something like 7-12nm, which didn't even exist at the time. Anything bigger and you have even less transistor budget. At best you don't even end up with a processing core, you get a few logic switches that can *maybe* do 1 extremely basic thing. Definitely not enough to run bootup code, detection of the OS code, initialize network stack, do packet processing, initialize file transfers, and have a memory controller.
3) Memory takes up space, a lot of space. This has to be non-volatile memory since it needs to store the malicious code, its own mini OS, and modified OS files. It might actually be possible to store enough data in something very small nowadays. But it does borderline on that possibility, because it could probably store enough memory for its own code, but it's storing all the modified OS files that is an issue.
4) The networking section. First, it doesn't make sense at all, because Bloomberg says these chips are on boards that don't even have network ports on them. They are on blade module type motherboards that slot into servers. They only have a single power and data slot that connects to something akin to a PCI-E slot on a large, main motherboard. So if that is the case, why do you have a networking section at all? It wouldn't read, write, or send out stolen data over any sort of networking at all. OK, let's say now 'Berg got it wrong and they did have these on motherboards that did have networking ports. These aren't the kind of servers with a plain old 1 gigabit RJ45 Ethernet port on them. Modern datacenter servers are running 100+ gigabit QSFP28+ networks on either Ethernet or InfiniBand. There is absolutely no possible way to fit the transistors needed to connect to such a network within the space constraints this talks about. At best you could fit enough transistors for somewhere around maybe 100 megabit tops. That sort of connection being inserted into the server's network would bring the server performance to an absolute crawl. It would send off red flags like crazy. The server wouldn't be there for more than a few minutes before a tech pulled it for diagnostics and replacement. So the entire "this chip has a networking section within it" is completely out of the realm of possibility for what Bloomberg claims.
5) This chip modifies core files of the OS? So once it is powered on, it boots up and waits till it detects the OS booted, detects which OS is running (could be Windows Server 2012, 2016, one of a few Linux distros, some Unix distros), then gives itself write permission for the files needed, and then replaces the files with the modified ones. So all this means it needs to have quite a few zero-day exploits within the chip as well so that once the OS boots it can gain admin privileges within the OS. That's pretty unlikely. On top of which it needs to have these exploits for around a dozen different operating systems, and it needs to have the modified files for all these operating systems. On top of all that, in overwriting OS files for stealing data, they must gain the ability to send tasks to the server CPU so that the server itself initiates data transfers back to the country who did this (China supposedly). Meaning you will see memory of the system being used, threads being taken up, networking packets going around, and IP connections to China. These things would be quite easy to spot by the various departments in these companies.
The reality is, you cannot fit all the things Bloomberg has said this magical chip can do in the size they claim it is, or in the place they claim it was put, on the boards it claims to have compromised.
On top of all that about the chip itself, these companies who were hacked are legally obligated to disclose breaches such as this if they happen. Yet they are all claiming they have no idea what Bloomberg was talking about, and Bloomberg won't disclose any sources.
My assumption was that it was designed to interrupt the Ring Zero signaling and allow code to access kernel mode or something similar.
That is the only approach that makes sense to me, but I don't know how realistic that is.