Super Micro audit is complete showing no signs of spy chips on its motherboards

Greg S

Bottom line: There is still no evidence that China managed to place spy chips on motherboards used by American companies. Investigations by a third-party firm have not found any reason to believe that motherboard designs have been tampered with.

In early October, Bloomberg published a piece claiming that China was using spy chips implanted onto motherboards produced by Super Micro to steal information from Apple, Amazon, and others. Super Micro has concluded its investigations into the matter and has sent notice to its customers that no evidence of malicious hardware has been found.

From the start, Super Micro has denied all claims of attacks on its supply chain. Investigative firm Nardello & Co was responsible for examining motherboards that are currently in production. Models that have been sold to Apple and Amazon were also thoroughly analyzed.

Audits on design files and software were also performed to ensure that all components being shipped were indeed legitimate. Both Apple and Amazon as well as government officials from the United States and United Kingdom have all denied any knowledge that the hardware implants described by Bloomberg exist. Tim Cook even went as far as directly calling for a retraction by Bloomberg.

Now that the investigation has been completed, Super Micro is still going over its legal options. No information has been shared to indicate whether the company plans to take action against Bloomberg for the damage to its reputation and the cost of the investigation. Apple and Amazon have not made any new comments regarding the lack of evidence found.

Although no evidence of tampering was found, the entire ordeal has at least raised awareness of the possibility of supply chain attacks. When a large number of products are produced by contract manufacturers without close supervision, it would not be difficult for a small number of units to be shipped without going through any form of quality control checks or validations to confirm that a design exactly matches its intended specifications.


 
Not to be rather flippant about it, but it would make far more sense to plant spyware in software where it could easily be updated. Hardware might have restrictions as well as being physically detected more easily.
 
Not to be rather flippant about it, but it would make far more sense to plant spyware in software where it could easily be updated. Hardware might have restrictions as well as being physically detected more easily.

Indeed. To the few 'informed' people the report didn't make much sense. Super Micro controls the firmware, which can do literally anything (including hiding malicious code). Yet, Bloomberg gave us the “rice corn” placed into nowhere (a chip needs connections to function). Of course, they were unable to bring forth said “rice corn”.
I hope Super Micro can sue Bloomberg into oblivion, but I doubt it will work. The story has all the fingerprints of dirty propaganda on it, which means that they will fall softly.
The story broke shortly after the US (broke too) successfully extorted $1 billion from ZTE. Now we are seeing the crazy* allegations against the imprisoned CFO from Huawei. I doubt this is unrelated. I see a dirty campaign.

---
* What the US did was illegal. Iran did everything they demanded.
 
Not to be rather flippant about it, but it would make far more sense to plant spyware in software where it could easily be updated. Hardware might have restrictions as well as being physically detected more easily.

Indeed. To the few 'informed' people the report didn't make much sense. Super Micro controls the firmware, which can do literally anything (including hiding malicious code). Yet, Bloomberg gave us the “rice corn” placed into nowhere (a chip needs connections to function). Of course, they were unable to bring forth said “rice corn”.
I hope Super Micro can sue Bloomberg into oblivion, but I doubt it will work. The story has all the fingerprints of dirty propaganda on it, which means that they will fall softly.
The story broke shortly after the US (broke too) successfully extorted $1 billion from ZTE. Now we are seeing the crazy* allegations against the imprisoned CFO from Huawei. I doubt this is unrelated. I see a dirty campaign.

---
* What the US did was illegal. Iran did everything they demanded.

What the US did was perfectly legal. The sanctions in question were not any of the ones that were lifted or re-instated, and so Iran's behavior one way or another here is irrelevant beyond purchasing goods that were in violation of those sanctions. This is why Canada complied with the extradition arrest.
 
What the US did was perfectly legal. The sanctions in question were not any of the ones that were lifted or re-instated, and so Iran's behavior one way or another here is irrelevant beyond purchasing goods that were in violation of those sanctions. This is why Canada complied with the extradition arrest.
There is no unilateral right of withdrawal from such a contract. That's the whole point. The USA simply BROKE the treaty, which was illegal.
 
I think this outcome is expected. IF such a spy chip or hardware were implemented, the amount of resources and planning put into the project should be to a point that #1 they couldn't be found through a simple audit; #2 the spy chip/hardware is only installed on a particular batch OR during a particular period (which is now long past); #3 a "clean job" has already been done and whatever trace of such a hardware installation is all gone. Whichever the case is, I'm sure it would have been done to a point that there is no possibility of finding anything at this point.
 
There is no unilateral right of withdrawal from such a contract. That's the whole point. The USA simply BROKE the treaty, which was illegal.

You missed the point, and got it at the same time. There is no unilateral withdrawal, that part is correct to some degree. A country could go "nope, we are no longer going to enforce these sanctions", at which point they themselves usually become sanctioned by all the other remaining nations in the agreement. In that sense, there is no such thing as unilateral withdrawal because any action by one nation triggers actions by others.

In this particular case however, the sanctions the CFO is accused of violating were never lifted, so there is no debate over whether they were valid. These are pieces of the original Iran sanctions that were left in place, pieces that covered "dual-use" products, and were agreed to by the US, Canada, and China (and other nations that are irrelevant here). These are not the sanctions that were lifted by Obama. These are not the sanctions that were re-instated or put in place by Trump.

Honestly, the CFO screwed up by ever setting foot outside of China during this whole trade war. They pretty much guaranteed their arrest and extradition to the US the second they stepped on an international flight.
 
Honestly, the CFO screwed up by ever setting foot outside of China during this whole trade war. They pretty much guaranteed their arrest and extradition to the US the second they stepped on an international flight.
There are 195 countries in the world. ;-)
I've added Australia, Canada, New Zealand, the United Kingdom and the United States to the list of my personal no-go areas.
 
And who did the audit?
That's in the article. Here, I'm "reading it out aloud" for you:
"... Investigations by a third-party firm have not found any reason to believe that motherboard designs have been tampered with.
... Investigative firm Nardello & Co was responsible for examining motherboards that are currently in production. Models that have been sold to Apple and Amazon were also thoroughly analyzed."
 
That's in the article. Here, I'm "reading it out aloud" for you:
"... Investigations by a third-party firm have not found any reason to believe that motherboard designs have been tampered with.
... Investigative firm Nardello & Co was responsible for examining motherboards that are currently in production. Models that have been sold to Apple and Amazon were also thoroughly analyzed."
LOL!