The Big Hack or Big Wrong

On October 4th, Bloomberg Businessweek published a striking story [1] that China used a tiny special Trojan chip on the Supermicro server’s motherboards to infiltrate U.S. companies. Amazon, Apple and other 30 U.S companies were attacked according to the report. This investigation report was done by Jordan Robertson and Michael Riley.

They summaries 5 steps that how the hack worked

  1. Chinese military unit made pencil tip size microchips which looks like RF conditioning couplers. It can organize a networking attack by incorporating memory and other peripheral equipment.
  2. Microchips were manufactured on the Supermicro server motherboards at China OEM factories.
  3. The corrupting motherboards were installed into servers by Supermicro.
  4. The compromised servers were used in data centers by U.S. companies.
  5. The microchips can manipulate the server OS as the server switch on.

In the interview of Jordan Robertson, he said china aim to gain a long-term access to high-value intellectual property and sensitive government data.

It looks like a great story until Amazon, Apple, and Supermicro clearly deny the report. [2]

Amazon

It’s also untrue that AWS knew about servers containing malicious chips or modifications in data centers based in China, or that AWS worked with the FBI to investigate or provide data about malicious hardware.

Apple

… Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server.

Either Bloomberg Businessweek is wrong, or Apple and Amazon is lying. However, we just couldn’t see any reason that Amazon even deny a cooperation with the FBI. Apple just gave a strong and clear statement that “The Big Hack” is not a true story. Apple is in a big risk of serious penalties if they misrepresenting the facts of serious security issues.

The microchips described as conditioning couplers, but it’s hard to believe that China already had the design and manufacturing ability to integrate a super tiny logic processor and other functions modules into such a small size package. From the Bloomberg disclosed picture, the microchips look like a 0603 package 2.45GHz Balun/Filter combination. 0603 package means 0.6mm x 0.3mm.

It’s surely this story will be possible in the future, but at least not now.

[1] The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
[2] The Big Hack: Statements From Amazon, Apple, Supermicro, and the Chinese Government

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.