Hacker News new | ask | show | jobs
by xevb3k 2811 days ago
Two different stories, about two very different situations. There’s not really much equivalence.

The report contains elements are are near impossible, and has other aspects that are very unlikely.

It has also been denied far more strongly than the Snowden leaks were.

The biggest problem is really why would you do this? Either the report is wrong in significant ways, or it’s not true at all.

The chip they show in the article, is a ceramic package which it would be really hard to embed a semiconductor in (because of the temperatures required to fire the ceramic). It looks like it probably would sit on an alternate footprint for the BCM flash. A ceramic part like that (which they say is for signal conditioning) doesn’t belong at that location anyway.

If your going to develop some weird SMD capacitor sized package for a microcontroller... why not just develop a new BCM serial flash chip embedding the same functionally? At least that way the boards would look visually similar.

So much just doesn’t make sense to me.
1 comments
throwaway2048 2811 days ago
The Snowden leaks were denied plenty by the companies involved.

https://googleblog.blogspot.com/2013/06/what.html

link
xevb3k 2811 days ago
And is there anything in that denial that has been shown to be technically incorrect?

My understanding is that there wasn’t involvement from google, that data was extracted without their knowledge from links between data centers.

link
throwaway2048 2811 days ago
And what about Amazon and Apple's denial will be found technically incorrect in a few years.

EDIT: to the downvoters, its easy to play this game, Apple makes a large amount of very specific denials.

    Each time, we have conducted rigorous internal
    investigations based on their inquiries and each 
    time we have found absolutely no evidence to support 
    any of them.

    Apple has never found malicious chips, “hardware 
    manipulations” or vulnerabilities purposely planted 
    in any server. Apple never had any contact with the FBI
    or any other agency about such an incident. We are not
    aware of any investigation by the FBI, nor are our 
    contacts in law enforcement.
What about investigations and law enforcement contacts via a third party (perhaps a specialized hardware security firm? )

    Our best guess is that they are confusing their story
    with a previously-reported 2016 incident in which we 
    discovered an infected driver on a single Super Micro 
    server in one of our labs.
You mean the story they explicitly denied with similar strength (and wiggle room to boot when the truth came out)

    Apple is deeply committed to protecting the privacy and
    security of our customers and the data we store. We are
    constantly monitoring for any attacks on our systems,
    working closely with vendors and regularly checking 
    equipment for malware. We’re not aware of any data being
    transmitted to an unauthorized party nor was any
    infected firmware found on the servers purchased from 
    this vendor.
https://arstechnica.com/information-technology/2017/02/apple...
link
lern_too_spel 2811 days ago
These denials match up exactly with what was in the leaked documents. Greenwald and Snowden, out of incompetence, made a bunch of unsubstantiated accusations that were not supported by the documents that the companies denied.
link