bloomberg on supermicro: sky is falling
markr at signal100.com
Thu Oct 4 21:52:21 UTC 2018
On 04/10/2018 22:28, Naslund, Steve wrote:
> Quite different really. FIREWALK is really an intercept device to get
> data out of a firewalled or air gapped network. The exploit Bloomberg
> describes would modify or alter data going across a server’s bus. The
> big difference is the Bloomberg device needs command and control and a
> place to dump the tapped data to over the server’s network
> connection. That device is not going to be able to do so out of any
> classified military network I have ever worked on. Or anyone with a
> halfway decent firewall (which I would assume Apple and Amazon would
> have for the internal servers). I think this article is unlikely to
> be true for the following reasons :
> 1. Separate chip is much more detectable physically than an
> altered chipset that is already on the board.
> 2. Requires motherboard redesign to get access to power and
> buses needed (again easily detectable during any design mods “hey does
> anyone know what these are for?”)
> 3. Does not have onboard communications so it will be sending
> data traffic on the network interfaces (will definitely trigger even
> the most rudimentary IDP systems). It relies on these backbone
> Internet companies and Intelligence agencies to have absolutely
> abysmal security on their networks to be at all useful.
> 4. Parts would have to be brought into the plant, stored
> somewhere, and all the internal systems would need a trail of where
> the part came from, how ordered it, where it is warehoused, loaded
> into pick/place, etc. Much better to compromised an existing chips
> supply chain.
Whatever the truth here, I'm sure that the article as it is written
isn't telling us everything. There's more to this than meets the eye
including, quite possibly, the full facts about how data would be
exfiltrated and/or, perhaps, exactly what was done to the customers'
> Does anyone think that someone somewhere is trying to kill
> Supermicro? They sure have had a lots of bad news lately.
Who knows. Perhaps we are intended to come away with certain impressions.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the NANOG