[exoesquitur]

From a technical perspective I found this story compelling, so I tried out a simple hack to see if it were "possible".

Using an attiny85 uC, a couple resistors, a cap, and a couple diodes I had laying around, I was able to wire up a two terminal "device" that pretty much acts like a 5k pull up resistor on a I2C line.... But when you pass data through the signal line (SDA) wire it can read and modify it. It is crude and very limited, but it works (only at lower I2C data rates in this case, but hey, it's a cheap hack).

A nation state adversary could trivially miniaturize this to the size and form of an SMT resistor, and use a much more capable uC in the process.

Im not saying that this substantiates the Bloomberg story in any way.

Just saying it's a great (black hat) idea, and it works.

It would surprise me a little if this weren't used in the wild by somebody.

[kryogen1c]

The argument that Bloomberg's claim doesn't pass the smell test never originated from the fact that aftermarket out of band management controllers aren't possible, but that it's extremely unlikely that no one ever noticed at any stage.

Some hack targets multiple megacorporations that also lead the technical revolution and all those companies go out of their way to explicitly deny anything ever happened? Undetected arbitrary code execution is one thing, but what was the exfil plan that also avoids a totally separate detection system?

On top of that, these authors are known publishers of bad technical stories?

Possible was never the problem, but the total lack of evidence and massive unlikeliness just doesn't add up.

[lawnchair_larry]

It’s not that no one ever noticed. It’s that the folks who thought somebody did notice didn’t have any idea what they were talking about.

[setquk]

You can buy a $10 aliexpress logic analyser and lift data off a high speed bus easily. I've got a rather nice oscilloscope that actually does this.

However there's a massive disparity between that and actually modifying the bus data, pattern matching data going across it, delivering a payload effectively (watch how flakey serial busses get at high speeds), miniaturising and packaging the entire exploit, compromising supply chains and board reviews and inspection.

For an analogy, it's like donning a yellow jacket, necking half a bottle of whisky then carrying a bazooka across the whitehouse lawn.

I don't and never will buy this attack vector. They could have easily infiltrated the chipset manufacturer, but no they went through a huge number of difficult steps which leave thousands if not million of smoking guns around which are all traceable back to the source. Hmm...

[lupire]

Hardware hacks are easy for anyone who works in that industry. What's hard is making software that runs on that hardware do anything useful -- it would need to communicate with external command&control and know how to read interesting data or send interesting effectful commands to the mainboard.

Making the main board fail arbitrarily would be easy, but controlling the board or exfiltrating data is hard.

[PeterisP]

I have the entirely opposite opinion - once you have managed to attack the supply chain and covertly deploy, say, some hardware can write a few hundred arbitrary bytes to the firmware (which was described as the attack vector by Bloomberg), then that's essentially game over. Perhaps designing the hardware hack is easy, but getting the malicious chip on the devices shipping to your targets and keeping it a secret is not trivial.

"communicate with external command&control and know how to read interesting data or send interesting effectful commands to the mainboard." is hard only in the sense that it takes some effort, however, this requires pretty much the same capabilities and skills as every engineered malware we've encountered, so you can assume that every serious adversary can do it, not only nation state adversaries but many serious commercial pentesting companies and cybercrime teams have demonstrated such capabilities.

I can imagine an attacker that can make the "hard" software required but doesn't have the capability to insert that modified hardware within a supply chain - as in, it's not even assumption, for pretty much every intelligence agency it's known that they can easily do software which "would need to communicate with external command&control and know how to read interesting data or send interesting effectful commands to the mainboard" - even just counting things that have failed (because we've detected and analyzed and attributed them), there's clear evidence that they can do it because they've done it many times.

I literally can't imagine an agency that can pull off the supply chain attack but doesn't have the capability to write software to control the board and exfiltrate data.

[llama052]

I just can't imagine anyone exfiltrating the data on a corporate level at any scale without raising alarms. It's just not realistic, once it leaves the board it's pretty easy to see over a network.

Now specific targeted attacks is more believable, at that point though I'd think a one off MITM hardware swap would be more likely.

[scooter2]

You don't need to exfiltrate data, just detect if some crypto workload was occurring and weaken it in a way known to you.

[esmi]

This is very interesting. Can you be a bit more specific about the design?

When you say you created a two terminal device; do you mean you have a PCB (or equivalent) with two IO pads which you soldered to the pads which would normally be occupied by I2C pull-up R, but on a different PCB.

Basically, I'm wondering how the attiny85 was powered.

Given your description, I'm guessing you made a local power well which floated on the SDA line similar to how a boost cap works in a buck regulator (or more generally a charge pump). This is also approximately how a one-wire device works, like say the DS28E07.

To turn a 0->1 strengthen the pull-up equivalent which is in parallel to the uC circuit. I could probably add a simple feedback circuit to make sure the pull-up is just strong enough to keep SDA above VOH_min which should help prevent the I2C driver from getting damaged. To turn 1->0 open the pull-up equivelent and let the bit leak down.

Assuming standard I2C, I just need to make sure by uC is fully booted and ready to go by the end of the start bit. Should be doable.

I think I mostly convinced myself I could build one too. Of course any board I want to attack probably uses a SPI ROM, so roughly the same idea, but in a series termination resistor. :)

[mrb]

«Basically, I'm wondering how the attiny85 was powered»

You guys are overthinking this. Server motherboard PCBs are usually 4-8 layers with GND and VCC planes available near any component. The hackers, according to Bloomberg, modified the motherboards, so presumably they would simply add vias to the GND and VCC planes to power their rogue chip. You don't gain much by going the trouble of making the chip self-powered by leeching current from the SPI line... The vias that bring power to the chip can be hidden within layers (it's a standard thing to do) It would not even be detectable by a visual inspection. You would have to x-ray the PCB to detect it.

I'm with the GP. I've said it before (https://news.ycombinator.com/item?id=18146566): the presumed hack described by Bloomberg is actually not that hard, and perfectly doable. All the attacker has to do is compromise the PCB manufacturer. Actually not even that. He would swap a box of legit PCBs with a box of compromised PCBs when they are in transit from the PCB manufacturer to the assembler. The assembler (the one who solders components on the PCB) wouldn't suspect a thing because normally PCBs are just passive things. No chip. No logic. No firmware. Just stupid layers of copper that either work (conduct electricity) or don't. That's why no one pays attention to PCB manufacturers and instead supply chain security is focused on everything higher in the chain: the providers of components, the assemblers, the distributors, etc.

This Supermicro rogue chip story is in fact an attack much less advanced than some real-world attacks we have seen, like Stuxnet which exploited four(!) zerodays...

[rrix2]

The assembler still has to put a special SKU 5k resistor (with our BMC modifying framework burnt in to it) on the modified PCB without anyone noticing though. I don't follow your conclusion that only the PCBs would have to be swapped.

[mrb]

The attackers supposedly installed the tiny rogue chip, sandwiched between the layers of the PCB (which is unusual and the main innovation of this whole attack), before the PCBs reached the assembler. The assembler start soldering components without knowing one is already hidden in there...

[dsl]

I don't know why anyone is doubting this is possible in the first place. From the Snowden leaks we know in 2008 the NSA had an _entire computer_ complete with CPU RAM and an FPGA smaller than the size of a dime [1] that they implanted inside other devices.

The NSA was also actively using COTTONMOUTH II [2] which was a USB header for a motherboard that could be inserted into the supply chain and provided a long range transceiver for software implants to bypass airgapped networks.

Ten years on I would not be surprised that the Chinese have a similar tool in an even smaller form factor. People seem to be treating this like a futuristic sci-fi plot.

1. https://upload.wikimedia.org/wikipedia/commons/c/cc/NSA_MAES... 2. https://leaksource.files.wordpress.com/2013/12/nsa-ant-cotto...

[trhway]

>A nation state adversary could trivially miniaturize this to the size and form of an SMT resistor, and use a much more capable uC in the process.

And sandwich it between the PCB layers. No way to find even upon close up inspection without Xraying the board itself, and even interpreting the Xray image of modern multilayer board would be a nontrivial task. I dont think Supermicro did it, at least for statistically meaningful set of boards.

[phire]

Or just replace one of the existing chips on the i2c bus with an identical but malicious one.

I don't know how you would even detect that, short of decapping and scanning the die in.

[mianos]

That would be as easy as getting a same sized chip that is, say, an attiny, a bit of sand-papering and a laser to re-etch the package. If you had access to a wire bonding machine, not difficult, you could mount a second die in a de-capped package and cap it up with a bit of black resin. This would not require state level actors. Bunny Huang type of guys could do it.

[asimpletune]

I don’t think they have to use xrays. I heard that they spin the boards and measure the angular momentum with very sensitive equipment. I don’t know how you could get around that.

[Retric]

Spinning the boards is of limited use. The attacker now has a specific target to aim for.

It might be useful if nobody knows your doing it, but other than that it’s mostly pointless especially if you compromise every sample.

[antoinealb]

Curious about how you implemented this. Could you share the schematic somewhere ? It would be very interesting !

[jiveturkey]

> A nation state adversary could trivially miniaturize this to the size and form of an SMT resistor, and use a much more capable uC in the process.

please do elaborate on this uC that will be the size of an SMT resistor, in a 2 lead package.

[kw71]

I am having trouble understanding and believing.

How did you get an ostensible power terminal (for pull up) and two terminals for MiTM (input and output) from two terminals? Assuming a situation where there are other pullups on the wire, how did you assert the low state (short to ground) without a connection to ground?

[kw71]

Yeah I didn't think so.

[kickopotomus]

This is pretty cool. I would also be interested in reading more about it if you made a blog post or some such. How did you manage to sync with SCL?

[4684499]

> Just saying it's a great (black hat) idea, and it works.

How good is the idea while you could be caught with physical evidence?

[qaq]

if you are a state actor implanting devices on your soil why would you care?

[CamperBob2]

Ask Huawei or ZTE why.

Corporations are state actors in China, and their actions have worldwide repercussions.

[lupire]

How are they relevant?

They are investigated for intentional business practices, not for secret hacks by unknown entities.

[qaq]

There is no reason to impact domestic companies you can implant in US companies devices

[neotek]

I would really love to see some photos and a schematic if you're willing to share, that sounds awesome.

[m3kw9]

Probably a win win for US Megacorp Inc and China that nothing malicious was found. Every company even Apple has a line to draw what threatens their long term prospects if things got out.