You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Looking at the GIF in @BW's story about China putting hardware implants into Supermicro servers, it all looks reasonably realistic as a MITM on the BMC's SPI boot flash. I don't know how real the photo is supposed to be, though.pic.twitter.com/eQxp5RsNG6
The thing is the only reason you'd do this instead of just modifying the flash would be to more easily survive updates, or if the flash is programmed too late in the process to hijack.
Also note that the location of the implant is obviously not a normal capacitor/etc, because it's in the middle of an alternate SPI flash footprint. However, that is not a constraint if you're backdooring a system and you know they never populate the alternate footprint.
FWIW, here's a high-res photo of the same board. Nothing suspicious on this one.https://twitter.com/IT_Creations/status/1047939818867445760 …
Never underestimate fastest/cheapest/easiest. If it's true and they're found out, they'll adjust.
Or fake-news USA-china war?
Hi Hector, thanks for the details, appreciate? In your opinion, is there a non-invasive programmatic way of testing for the presence of this implant?
Probably, but you'd need a sample to develop a robust test for it, and it *could* employ tricks like turning itself off and being undetectable under certain conditions.
How does the BMC come into this though – from this it sounds like they were using it to communicate on the network without going through the OS? Could just be journalistic garbling though...pic.twitter.com/gZTu6F4w1U
The BMC is the easiest part of a server to persistently compromise. It is rarely updated, has network access, often can even hijack the host's network, and has a zillion ways to take over the host OS.
Do the boards really read the flash w/ normal SPI instead of QSPI mode? If it's SPI the bug should have the following signals: GND, Vdd, nCS_in, SCK_in, MISO_in, MISO_out. If board does QSPI the bug might use classic SPI mode to access and modify the flash when bus not driven?
One could probably do w/o nCS. Read requests should have a nice regular pattern. I wonder if having MOSI instead of nCS would be more solid. Siphoning Vdd via clamping diodes from the IOs might also work.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
