The Risks Digest

rmslade@shaw.ca
Date: Thu, 4 Oct 2018 18:35:09 -0700

I started out, more than 30 years ago, researching malware and other forms of covert interference (including a number of instances involving hardware). While the possibility of a hardware attack similar to this is quite possible, the details of this story are quite suspect.

(First of all, I note that Faux News is interested. That *automatically* raises alarms :-)

There is the issue that this relates to a separate chip found on the circuit boards. If you are smart enough to make a chip that can do everything this superchip is supposed to do, you should be smart enough to put the functions into another chip on the the system (perhaps the system management controller that the superchip is supposed to control) so that an extraneous chip won't raise alarms.

Then there are all the functions this superchip is supposed to do. It is supposed to manage communications. It is supposed to subvert the operating system. (*Which* operating system? How would they know that would be the one used?) It is supposed to divert password checks.

Oh, right. It's supposed to subvert the system controller. I once reviewed a supposed antiviral system that Western Digital used as a demonstration of their new system controller chip. They made a total hash of it. Even system controllers don't have the kind of reference monitor function that this superchip would rely on.

Other parts of the story refer to other chips, some as small as a pencil tip, that could be layered into the circuit board itself. Yes, it could.
But how would you make contacts with it? (And you'd need multiple contacts
...)

While the spy parts of the story sound reasonable, the tech parts don't.
Now, it may be that there are similar types of hardware attacks mounted. It may even be that almost the whole story it true, but that the "sources" lied to Bloomberg about the tech for reasons of their own. But this smacks, to me, of the tale of the Desert Storm Virus of 1991. An April Fools joke that deceived the author of a book about the 1991 Desert Storm campaign -- and also the Pentagon press office. (Because they'd read the book ...)