undefined | Better HN

0 pointsprotimewaster5d ago0 comments

It depends on what you consider confirmed. It was kind of corroborated, at least. There was a CEO of a hardware security firm that came forward after the original article. He claimed that his firm had actually found a hardware implant on a board during a security audit. It wasn't exactly as Bloomberg described, though.

His take was that it was very unlikely that it impacted exclusively Supermicro, though.

It was covered various places, including The Register https://www.theregister.com/2018/10/09/bloomberg_super_micro...

0 comments

kantselovich5d ago

I don't think it was a confirmed story. That is, the tiny "grain of rice" size Ethernet module that CEO of a security audit company allegedly found, was not present in other SuperMicro servers. SuperMicro itself, as well as it's buggest customers did not confirm the findings.

From what i recall, the story was very vague, there were no pictures of the specific chip, no pictures of the motherboard of the motherboard that would include serial, i.e. no details that would accompany a serious security research.

CamperBob24d ago

The only photo I saw of the "hidden Ethernet module" was a ceramic RF filter or diplexer, basically a passive $2 part that does nothing on its own, and that would have stuck out like a sore thumb if actually installed in the area where it was depicted.

Just a random surface-mount component that someone pulled off another board or found on the floor behind a workbench. Allegedly.

monocasa5d ago

Did they originally say it was a grain of rice Ethernet module?

I thought it was supposed to be an incredibly tiny micro sitting on the bmc's boot flash to break inject vulnerabilities.

kantselovich5d ago

I recall, at the time Bloomberg and their source were taking about tiny chip on the bmc that was masking as a resistor.

However they did not produce any concrete evidence, citing NDA between that security company and their client.

BobbyTables25d ago

Even that makes little sense.

A malicious modification to the flash content would leave no physical evidence…

j / k navigate · click thread line to collapse

0 pointsprotimewaster5d ago0 comments

His take was that it was very unlikely that it impacted exclusively Supermicro, though.

It was covered various places, including The Register https://www.theregister.com/2018/10/09/bloomberg_super_micro...

0 comments

kantselovich5d ago

CamperBob24d ago

Just a random surface-mount component that someone pulled off another board or found on the floor behind a workbench. Allegedly.

monocasa5d ago

Did they originally say it was a grain of rice Ethernet module?

I thought it was supposed to be an incredibly tiny micro sitting on the bmc's boot flash to break inject vulnerabilities.

kantselovich5d ago

I recall, at the time Bloomberg and their source were taking about tiny chip on the bmc that was masking as a resistor.

However they did not produce any concrete evidence, citing NDA between that security company and their client.

BobbyTables25d ago

Even that makes little sense.

A malicious modification to the flash content would leave no physical evidence…

j / k navigate · click thread line to collapse