by xevb3k 2806 days ago
Or just replace an existing chip, which is the most logical way to do it...
3 comments

Altering the flash chip would be too obvious. It's a textbook 101 supply chain attack... Looking at the flash image (dumping it) or chip (x-raying it) would be the first thing anyone would do if they suspected something fishy. A tiny SPI man-in-the-middle chip sandwiched between the PCB fiberglass layers is a lot more discreet and more generic (same MitM chip fiddling with transmitted bytes can attack many different flash platforms, regardless of the sizes/pinouts/footprints of the flash chips).
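An added simulation (not code from this thread) of the point made above: an interposer that rewrites SPI READ responses in flight leaves the flash chip's own contents untouched, so a bare chip dump looks clean; the check that catches it is comparing what the host sees over the bus against a direct read of the chip. The flash model handles only the standard 0x03 read opcode and the firmware image is constructed.

```python
READ_CMD = 0x03  # standard SPI NOR "read data" opcode, followed by a 24-bit address

class SpiFlash:
    """Genuine flash chip: answers READ with bytes from its own array."""
    def __init__(self, image: bytes):
        self.image = bytearray(image)

    def transact(self, frame: bytes, nbytes: int) -> bytes:
        cmd, addr = frame[0], int.from_bytes(frame[1:4], "big")
        if cmd != READ_CMD:
            raise ValueError(f"unsupported opcode {cmd:#04x}")
        return bytes(self.image[addr:addr + nbytes])

class Interposer:
    """Bus man-in-the-middle: forwards frames, but patches response bytes inside a
    window. It never writes the chip, so an out-of-circuit chip dump stays clean."""
    def __init__(self, flash: SpiFlash, patch_at: int, patch: bytes):
        self.flash, self.patch_at, self.patch = flash, patch_at, patch

    def transact(self, frame: bytes, nbytes: int) -> bytes:
        addr = int.from_bytes(frame[1:4], "big")
        out = bytearray(self.flash.transact(frame, nbytes))
        for i, b in enumerate(self.patch):
            off = self.patch_at + i - addr      # position of patched byte in this read
            if 0 <= off < nbytes:
                out[off] = b
        return bytes(out)

def bus_read(dev, addr: int, nbytes: int) -> bytes:
    """What the host sees: a READ transaction through whatever sits on the bus."""
    return dev.transact(bytes([READ_CMD]) + addr.to_bytes(3, "big"), nbytes)

def find_divergence(in_circuit, chip: SpiFlash, chunk: int = 16) -> list:
    """Defender's check: read the full image over the (possibly interposed) bus and
    compare it with the chip's own contents. Returns the offsets that differ."""
    size = len(chip.image)
    diffs = []
    for addr in range(0, size, chunk):
        seen = bus_read(in_circuit, addr, min(chunk, size - addr))
        direct = bytes(chip.image[addr:addr + len(seen)])
        diffs += [addr + i for i, (a, b) in enumerate(zip(seen, direct)) if a != b]
    return diffs

# Constructed 64-byte "firmware" image; the interposer rewrites three bytes at 0x20.
FIRMWARE = bytes(range(64))
CHIP = SpiFlash(FIRMWARE)
MITM = Interposer(CHIP, 0x20, b"\xde\xad\xbe")
```

A dump taken from CHIP directly matches FIRMWARE byte for byte; only the in-circuit comparison exposes the rewritten bytes at 0x20.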
That seemed to match the lightbluetouchpaper description - the "hack chip" goes where the optional legacy (non-quad) SPI chip would go.
Given the size estimation, it wouldn’t cover the whole footprint.

But... why put it on an unpopulated footprint. Why not just replace the original Quad SPI IC with a backdoored device?

What do you then do when they upgrade/change the Quad SPI IC? A separate chip means a stable interface they can conform to.
How do you know they don't do that too? This is just one news story, from one manufacturer.
I mean they could do that too... but why do this weirdly awkward thing described by Bloomberg at all?

It’s not like doing both is extra sure, it’s just weirdly difficult and more easily detectable to do it in the way described.