{"id":17846,"date":"2018-10-08T19:36:10","date_gmt":"2018-10-09T00:36:10","guid":{"rendered":"http:\/\/huewhite.com\/umb\/?p=17846"},"modified":"2018-10-08T19:36:50","modified_gmt":"2018-10-09T00:36:50","slug":"17846","status":"publish","type":"post","link":"https:\/\/huewhite.com\/umb\/2018\/10\/08\/17846\/","title":{"rendered":"Nice Computer Ya Got There – Pity If Something Were To Happen To It"},"content":{"rendered":"

On\u00a0Lawfare<\/b><\/i>, Nicholas Weaver\u00a0comments\u00a0<\/a>on a report of certain servers in use by various U.S. companies being compromised by the Chinese People’s Liberation Army (PLA):<\/p>\n

Robertson and Riley report a scheme in which Chinese intelligence bribed, threatened or cajoled at least four separate subcontracted manufacturing facilities in China to modify the design of SuperMicro server motherboards to include a small chip\u2014smaller than a grain of rice\u2014that would insert the backdoor into the BMC.<\/p><\/blockquote>\n

This scheme is less crazy than it might seem.\u00a0 Modern circuit boards are filled with small support chips, and the backdoor chip would appear to be just another faceless component to all but the most detailed examination. And while the Bloomberg article doesn\u2019t go into the mechanics of how this would work, there\u2019s one likely culprit: the\u00a0serial<\/a>EEPROM<\/a>\u00a0chip or a\u00a0serial FLASH<\/a>\u00a0chip, which is used to store program and other instructions used during the startup process. The BMC itself loads at least some data from such a chip, which itself needs only two wires to communicate\u2014so it would only take two connections for a rogue chip to mask the contents of a SEEPROM or SPI FLASH, replacing the contents and thereby corrupting the BMC by installing the backdoor code. …<\/p>\n

Then there is the question of whether the NSA is aware of other supply chains compromised in similar manners. If so, a quiet nudge may be a good idea. This style of backdoor can be very hard to find until one knows where to look, but is reasonably discoverable once the searcher pointed in the right direction.<\/p><\/blockquote>\n

This is one of the problems with free trade with adversarial countries such as China that can supply components cheaply – we end up revealing our secrets without ever realizing it.<\/p>\n

But it also suggests a business opportunity, the supply of components and servers certified to be free of industrial espionage. Manufacturers would probably be required to provide proof, probably through inspection, and perhaps even a bond for each server sold – although bonds may not be sufficient to restrain some avaricious businessmen.<\/p>\n

In essence, it’s a trade war without the drama.<\/p>\n

Another reason to distrust private sector folks who think it’s all about making money.<\/p>\n","protected":false},"excerpt":{"rendered":"

On\u00a0Lawfare, Nicholas Weaver\u00a0comments\u00a0on a report of certain servers in use by various U.S. companies being compromised by the Chinese People’s Liberation Army (PLA): Robertson and Riley report a scheme in which Chinese intelligence bribed, threatened or cajoled at least four separate subcontracted manufacturing facilities in China to modify the design \u2026 Continue reading → <\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-17846","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/17846","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/comments?post=17846"}],"version-history":[{"count":2,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/17846\/revisions"}],"predecessor-version":[{"id":17848,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/17846\/revisions\/17848"}],"wp:attachment":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/media?parent=17846"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/categories?post=17846"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/tags?post=17846"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}