[kantselovich]

I don't think it was a confirmed story. That is, the tiny "grain of rice" size Ethernet module that CEO of a security audit company allegedly found, was not present in other SuperMicro servers. SuperMicro itself, as well as it's buggest customers did not confirm the findings.

From what i recall, the story was very vague, there were no pictures of the specific chip, no pictures of the motherboard of the motherboard that would include serial, i.e. no details that would accompany a serious security research.

[CamperBob2]

The only photo I saw of the "hidden Ethernet module" was a ceramic RF filter or diplexer, basically a passive $2 part that does nothing on its own, and that would have stuck out like a sore thumb if actually installed in the area where it was depicted.

Just a random surface-mount component that someone pulled off another board or found on the floor behind a workbench. Allegedly.

[monocasa]

Did they originally say it was a grain of rice Ethernet module?

I thought it was supposed to be an incredibly tiny micro sitting on the bmc's boot flash to break inject vulnerabilities.

[kantselovich]

I recall, at the time Bloomberg and their source were taking about tiny chip on the bmc that was masking as a resistor.

However they did not produce any concrete evidence, citing NDA between that security company and their client.

[BobbyTables2]

Even that makes little sense.

A malicious modification to the flash content would leave no physical evidence…