lauren@vortex.com
Date: Thu, 4 Oct 2018 09:01:24 -0700
via NNSquad https://techcrunch.com/2018/10/04/china-spy-hack-chip-bloomberg-supply-chain/
Thursday's explosive story by Bloomberg reveals detailed allegations that
the Chinese military embedded tiny chips into servers, which made their
way into datacenters operated by dozens of major U.S. companies. We
covered the story earlier, including denials by Apple, Amazon and
Supermicro -- the server maker that was reportedly targeted by the Chinese
government. Amazon said in a blog post that it "employs stringent security
standards across our supply chain." The FBI and the Office for the
Director of National Intelligence did not comment, but denied comment to
Bloomberg.
An interesting story, but aspects of it don't seem to ring quite true. I'll mention one odd aspect right now. Why would you build such capabilities into a separate chip that could ultimately be noticed as extraneous -- even if camouflaged as another sort of chip -- rather than build this capability into a chip that already was expected to be present and would never attract any attention at all? My hype detector is buzzing a bit on this saga.
[This may be just the beginning of a long saga. Discussions over the past
few days have been very contentious, with many different possible
outcomes. For example, Peter Houppermans noted these:
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
Apple is clearly not happy with Bloomberg, and refutes the story:
https://9to5mac.com/2018/10/04/apple-spy-chips-china-bloomberg/
https://aws.amazon.com/blogs/security/setting-the-record-straight-on-bloomberg-businessweeks-erroneous-article/
Also see:
https://www.theatlantic.com/technology/archive/2018/10/political-cost-chinese-hardware-hack/572383/
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
A recent bottom line may be don't believe Bloomberg:
https://www.cnbc.com/2018/10/10/fbi-director-wray-on-super-micro-servers-be-careful-what-you-read.html
PGN]