Some important technical (and skeptical) notes about the Chinese-backdoored-servers story

by
Cory Doctorow

Yesterday, Bloomberg published a blockbuster story accusing the Chinese military of sneaking spy-chips "the size of a grain of rice" onto the motherboards of servers sold by Supermicro and/or Elemental for use in data-centers operated by the biggest US corporations (Apple and Amazon, among others), as well as US warships and military data-centers, and the servers used by Congress and the Senate.

Several of the involved parties issued detailed, emphatic denials, producing a kind of he-said/she-said situation where it's hard to know who to believe (it doesn't help that Bloomberg's article relied exclusively on anonymous sources, albeit multiple sources for each claim).

If you -- like me -- are struggling to make sense of the situation, here is some further reading.

First is a pair of Twitter threads by Joe Fitz, owner of Securinghardware.com: the first is largely nontechnical and talks about some of the logistical challenges involved; the second is more technical and gets into some very chewy details.

At one point in time I had a conversation about how I would put a hardware implant into a system. I'm delighted to see @qrs had a very similar assessment: https://t.co/RJS6b92XUu

- Joe Fitz (@securelyfitz) October 4, 2018

There's recent news about some really interesting hardware implants. I wanted to take a bit to share more technical thoughts and details that can't be reduced to a mainstream article on the topic.
threaded: https://t.co/7VdmaDaQNr

- Joe Fitz (@securelyfitz) October 4, 2018

Next is an excellent roundup from The Grugq (previously) who takes a skeptical look at Bloomberg's claims, points to the best parts of the worldwide debate, and tries to subject the story to some a priori analysis of what we know is possible and what we believe to be impossible.

Source: https://boingboing.net/ (feed: https://boingboing.net/feed)