undefined | Better HN

0 pointsWillPostForFood1mo ago0 comments

What was the last thing Schneier wrote on it? I thought it was this:

I don’t think it’s real. Yes, it’s plausible. But first of all, if someone actually surreptitiously put malicious chips onto motherboards en masse, we would have seen a photo of the alleged chip already. And second, there are easier, more effective, and less obvious ways of adding backdoors to networking equipment.

https://www.schneier.com/blog/archives/2018/11/that_bloomber...

0 comments

alephnerd1mo ago

https://www.schneier.com/blog/archives/2021/02/chinese-suppl...

HNers are acting reflexively skeptical (which isn't always a bad thing), but targeted supply chain based attacks conducted by a nation statein the manner described are actually doable, and back when I was still a line-level SWE this was when we started putting significant engineering effort into hardware tampering protections back in the 2015-17 period.

The hardware supply chain incident itself most likely happened in the late 2000s to early 2010s when hardware supply chain security wasn't top of mind as an attack surface.

Modchips targeting contemporaneous gaming systems like the PS1 and PS2 use a similar approach to the SuperMicro incident.

j / k navigate · click thread line to collapse

0 comments

alephnerd1mo ago

https://www.schneier.com/blog/archives/2021/02/chinese-suppl...

The hardware supply chain incident itself most likely happened in the late 2000s to early 2010s when hardware supply chain security wasn't top of mind as an attack surface.

Modchips targeting contemporaneous gaming systems like the PS1 and PS2 use a similar approach to the SuperMicro incident.

j / k navigate · click thread line to collapse