[mardifoufs]

Yep! But it sadly cannot replace soldering for denser pinout layouts, unless a lot of pressure is applied. Someone tried though;

https://tomverbeure.github.io/2019/11/21/Z-tape.html

(A bit off topic but that Bloomberg story is still such a mystery to me. It went into quite a bit of details and claimed it had tons of sources, so even if it was a completely false story whoever fabricated it must have put insane amounts of efforts/identity fraud into the set up)

[kadoban]

The Bloomberg story, my thinking is that it was probably true, but someone from national security forced them to clam up.

[javajosh]

Yep. For the CIA or NSA or whomever quashing that story is a good short-term solution (protecting your spy IP - spy P?) and also medium-term (harming Bloomberg's reputation), but the longer term side-effects (harming media's reputation in general) probably ended up doing far greater harm to the US. Trust is so easy to destroy, and takes a very long time to build up again.

[timschmidt]

It was also quite a plausible hack. The faker, if indeed anything was faked, knew more than most. Enough to have done the thing for real.

[djrogers]

It was completely implausible - the chip that was identified could not possibly carry enough processing ability to do anything useful as far as espionage goes, had no connectivity to networking, and there was never any evidence of communication from these devices to anything suspicious or unknown.

[derefr]

> processing power; networking

Could the device not simply get the host to do these things for it, by e.g. rootkit-ing the server’s BMC? A “hardware virus”, per se.

[tablespoon]

>> It was completely implausible - the chip that was identified could not possibly carry enough processing ability to do anything useful as far as espionage goes, had no connectivity to networking, and there was never any evidence of communication from these devices to anything suspicious or unknown.

> Could the device not simply get the host to do these things for it, by e.g. rootkit-ing the server’s BMC? A “hardware virus”, per se.

IIRC, that's exactly what was alleged in the article. It was an implant that sat on the BMC ROM bus, fiddling with bits as the ROM was read during bootup. No need for any networking or processing ability beyond what was needed to that. This guy actually did a POC of that: https://trmm.net/Modchips/.

So totally plausable.

[exikyut]

My understanding was that it sat between the BMC and its boot flash and (assuming it was real) was designed to bit-twiddle regions of the firmware as it flew past over SPI. So basically streaming strpos() (or maybe even counting bytes) and then sending some alternate sequence of data.

That would require some processing chops to handle whatever speed the SPI bus ran at, and a bit of space to store the replacement bytes. Firmly within the margin for plausibility with even basic off-the-shelf kit. Honestly depressing really.

[luma]

Not at all implausible, it was reported to be connected to the BMC which are often notoriously insecure and which could conceivably grant it network access.

[rob_c]

No adding components activates different hardware features on the chipset its connected to. I.e. remote debug access via a reserved data line when pinX is high/low... all that would need is a single surface mount resistor or frankly tin-foil.

[peter_retief]

Had me fooled, I got quite excited reading it, ashamed to admit.