Hobbyists can plant hidden spy chips on motherboards for $200

mongeese

In context: Almost a year to the day after Bloomberg reported that the US government, Apple, Amazon, and others had their servers compromised by China, a security researcher has shown a similar hack can be pulled off with $190 worth of tools and a $2 chip.

Citing six senior national security officials and several higher-ups within Apple and Amazon, Bloomberg claimed that the manufacturing facilities constructing Supermicro motherboards had been infiltrated by a branch of China’s People’s Liberation Army. The PLA was reportedly adding a rice grain-sized chip capable of monitoring and altering communications with the motherboard’s BMC (baseboard management controller). The compromised motherboards had allegedly been sold in the tens of thousands to US customers, who could all, theoretically, be leaking their data to China.

Supermicro, Apple and Amazon all vehemently denied having discovered any such chips, the NSA said the threat was a false alarm, and the debate ended there. Last December, however, Trammell Hudson showed the hack was possible: he found a spot on the Supermicro motherboard where a tiny chip could replace a small resistor and remain unnoticed. He connected a proof-of-concept chip only slightly larger than the resistor through external wires and completed the hack, concluding that anyone with access to a fab would be able to do a better job and remain undetected.

"For an adversary who wants to spend any money on it, this would not have been a difficult task," Hudson says.

Monta Elkins, who’s the “hacker-in-chief” for security firm Foxguard, can do it without the budget. Elkins, who’ll be formally presenting his work at the CS3sthlm security conference this month, was able to gain control over a Cisco ASA 5505 firewall with a chip lifted from a $2 Digispark Arduino board. He assembled his hack using a $150 hot-air soldering tool and a $40 microscope.

"We think this stuff is so magical, but it’s not really that hard," Elkins told Wired. "By showing people the hardware, I wanted to make it much more real. It’s not magical. It’s not impossible. I could do this in my basement. And there are lots of people smarter than me, and they can do it for almost nothing."

Once soldered to the board (which didn’t require any special rewiring), the ATtiny85 chip (the microcontroller from the Digispark) impersonates an administrator as the device boots up and triggers a common password recovery feature. It gains access to the firewall settings, which can then be reconfigured remotely, enabling the hacker to disable security features or access logs of connected devices. Elkins says the hack could also be used to gain full control over the system, but he didn’t go that far with his proof-of-concept.
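As an added illustration, not taken from the article or from Elkins’ work, here is the Cisco ASA setting that a boot-time password-recovery path relies on, shown in its default form and in its hardened form; the hostname is a placeholder.

```text
! Default configuration: password recovery is enabled, so anyone who can
! drive the console during boot can bypass the startup configuration and
! reset the enable password without erasing the existing configuration.
hostname ASA-EXAMPLE
service password-recovery

! Hardened configuration: with recovery disabled, the only remaining
! recovery path wipes the startup configuration, so physical console
! access during boot no longer yields the running configuration or a
! silent credential reset.
hostname ASA-EXAMPLE
no service password-recovery
```

The trade-off is that a lost password now costs the whole configuration, so the hardened setting only makes sense alongside an off-device configuration backup and a process for restoring it.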

Perhaps the scary thing about all this is that Elkins didn’t exactly do too much here – he chose the server board because it was the cheapest one on eBay, and he chose the chip because it was the fastest to program. He could have gone further as well, by hiding the chip inside a radio-frequency shielding can on the board, but he wanted to be able to point it out on diagrams.

"What I want people to recognize is that chipping implants are not imaginary. They’re relatively straightforward," says Elkins. "If I can do this, someone with hundreds of millions in their budget has been doing this for a while."

Hardware hacking has often been considered inconceivable. Certainly, software-based espionage is much simpler against the vast majority of targets, but hardware hacking is a demonstrated technical reality that could become a major concern in the future.

Image Credit: Umberto on Unsplash


 
So if an IT guy goes rogue and puts a simple chip into a mobo, not only will he get full access but it will also be undetectable at least for years, and it will be impossibly hard to prove the culprit at that point.
Just frigging great...
 
The fact that they all denied the reality of this kind of hack after the horse had left the barn (in the form of internal leaks) indicates that they're quietly, desperately trying to fix the problem. Most likely western governments are hoping to disguise the fact that they've discovered and owned the hack so they can use it to feed China false data. China has most likely already started working on a hardware compromise method that's harder to detect. Meanwhile, the greedy fools in the corporate boardrooms keep sending their crown jewels to China because they can make an extra two bucks per unit compared with secure domestic production that creates jobs at home.
 
I think the Chinese are making even more advanced hacks as we speak.
Think of how paranoid Russia was, and now multiply it by the amount of tech western countries surrendered to China, and realize what they can and probably do.
 
I am reminded of some emails I sent to active duty buddies concerning Chinese and Russian owned internet servers in the great Northern Virginia server farms a decade or so ago. I noticed because I'm paranoid about who sees my data movement no matter where they're purportedly located or how 'friendly' they are. I'm not important enough for anyone to care about my systems, so why was I connecting to Chinese company owned servers? Ownership wasn't hidden in those days because no one was paranoid enough to believe routing all traffic through the server farm would give the adversaries usable information. Everything is encrypted, right? Except the years and articles here and elsewhere have shown it wasn't, and it was a massive harvest if the Russians and Chinese were doing anything with it.
Now the same people you had to beat on the head to get them to pay attention to a real security risk are putting all of the CIA, and the rest of the alphabet agencies' data 'in the cloud'. Probably based on the concept that neither the Chinese nor the Russians have placed any agents in cloud server maintenance and high level encryption is unbreakable unless quantum computers become a usable reality. Of course, neither the Chinese nor the Russians are investing in quantum computer development.

Now built-in chips on tens of thousands of KNOWN motherboards placed in lowest bid GSA purchases. There are probably no chips on unknown motherboards. That's just paranoia.
 
While the probability of this happening might seem small, let's remember that the first resistors were bigger than the computers, but over time were reduced in size to be barely noticeable. No reason this sort of technology could not be reduced to hard coded elements that could be added to other legitimate elements (especially those that are bought through 3rd parties) and become part of the normal manufacturing process.
AND, as anyone that has dealt with GSA knows, they don't have a process for quality inspection of what they buy, so such a sham could easily be passed on without anyone knowing anything about it until it's far too late.
Good reporting!
 
Are you serious with "neither the Chinese nor the Russians are investing in quantum computer development."?
 
The other problem is, if anyone does business in China, you are "forced" to hand over some of your "intellectual property" to China, making it even easier for them to reverse engineer things, which is why you see so many knock-offs that come from China. WORST thing Nixon ever did was open up trade with the Communists in China in 1971.
 
Consoles have been hacked since they were released to the market. It's not such a leap in logic to discover that this can and will be done.
 
Has NOBODY heard the very common warning that "There is NO security without Physical Security."?

Most people haven't, that's for sure. Many don't even know desktop/server towers can have a spot for padlocks on the back.

Also somewhat off topic, but you'd think with all the ransomware attacks that keeping backups would be common practice too lmao.

And don't even get me started on non-tech savvy users. One of the weakest links in all of network security. While you scrutinize all your hardware and software, some dufus is going to open bad emails, bring in an infected USB from home, etc.
 