Hacker News new | ask | show | jobs
by xevb3k 2818 days ago
It’s reasonably clear that the chip shown in the article is very unlikely to be any kind of microcontroller/semiconductor.

It’s embedded in ceramic. Such devices need to be fired at very high temperatures which a semiconductor wouldn’t be able to withstand.
1 comments
ohazi 2818 days ago
You can make two half ceramic pieces and cement them together nearly seamlessly with a semiconductor inside. This was common before DIP packages.
link
CamperBob2 2818 days ago
In any case, someone who can make a malicious IC die look like a balun could just as easily add their die to the EEPROM package that's intended to be there.

It makes no sense for state-level bad guys to create disguised packages and add them to boards at the assembly house. There are any number of other links in the supply chain where they could accomplish the same goal with an actual nonzero chance of getting away with it.

link
sjwright 2818 days ago
The key benefit of injecting at the assembly house is that it means you can target the injections based on the final customer. This reduces the footprint of the attack, which reduces the chances of your exploit being publicly exposed, and reduces the risks inherent in scaling up a highly specialised top secret supply chain.
link
solarkraft 2818 days ago
You're arguing against compromising the boards, right?
link
sjwright 2818 days ago
No.

I'm pointing out an advantage in putting the exploit into the supply chain as late as possible, such that it can be selected for based on customer.

Compromising the motherboard may be a good approach if the boards have some amount of customisation for each customer.

link
xevb3k 2818 days ago
No it wasn’t? They used to use gold caps.

You could absolutely use a novel manufacturing technique to make something that looks like the picture in the article.

It wouldn’t make much sense to do so, because that part doesn’t even belong on a computer motherboard, it’s an RF component.

link
ohazi 2818 days ago
Plenty that had solid tops?

https://www.dhresource.com/0x0s/f2-albu-g5-M01-4D-13-rBVaJFl...

link
xevb3k 2818 days ago
That’s fair enough, I don’t think that process would work here though?

I also don’t understand why you would do that. Given the ceramic part in question doesn’t look like anything that would be on a motherboard, and has been identified as an RF component.

link
ethbro 2818 days ago
I was going to say, the number of ways to make something look like a ceramic component are more relevant.
link