| You may not be aware of the great talk titled "Modchips of the State" [1] (presented at 35C3 in Dec 2018). The speaker managed to reproduce the exact single-chip hardware implant attack suggested in the Oct 2018 Bloomberg Businessweek story [2] [3], which claimed Amazon and Apple found malicious hardware implants in Supermicro motherboards while conducting detailed inspections. While Bloomberg has never retracted the story, there's an argument that the sources have vested interests in lying to Bloomberg suggesting that attacks developed in lab-conditions actually occurred in the real-world, in order to raise awareness of supply-chain risks (something the current US administration has been attempting to do for some time). There's also a suggestion that the journalist was acting in good-faith but mixed up a few different attacks, with the sources reluctant to clarify things. Another suggestion is that the attack did happen, and Amazon and Apple were forced to issue denials. It's a very fascinating story. Maybe I'm naive, but if Bloomberg was in-fact wrong, they would issue a correction or a retraction. The fact they haven't retracted it suggests to me that there's truth to the story. [1] https://www.youtube.com/watch?v=C7H3V7tkxeA [2] https://www.bloomberg.com/news/features/2018-10-04/the-big-h... [3] https://www.youtube.com/watch?v=UJGbcjfJ7rU |