>> It was completely implausible - the chip that was identified could not possibly carry enough processing ability to do anything useful as far as espionage goes, had no connectivity to networking, and there was never any evidence of communication from these devices to anything suspicious or unknown.
> Could the device not simply get the host to do these things for it, by e.g. rootkit-ing the server’s BMC? A “hardware virus”, per se.
IIRC, that's exactly what was alleged in the article. It was an implant that sat on the BMC ROM bus, fiddling with bits as the ROM was read during bootup. No need for any networking or processing ability beyond what was needed to that. This guy actually did a POC of that: https://trmm.net/Modchips/.
> Could the device not simply get the host to do these things for it, by e.g. rootkit-ing the server’s BMC? A “hardware virus”, per se.
IIRC, that's exactly what was alleged in the article. It was an implant that sat on the BMC ROM bus, fiddling with bits as the ROM was read during bootup. No need for any networking or processing ability beyond what was needed to that. This guy actually did a POC of that: https://trmm.net/Modchips/.
So totally plausable.