Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?

I agree it is completely feasible that a board maker could have its design compromised. However, if you look at a motherboard it is not straightforward to add any components at all. There is not a lot of room, a chip embedded in the fiberglass is likely to overheat running at CPU speeds and burn itself away, and getting access to the right tracks will be non-trivial. It would probably also upset the fine balance of power management that modern motherboards don't have much tolerance for.

Overall, if I am to believe the theory, I would expect this to have been achieved by the motherboard designers, not just bodged in at the factory. This idea that it's factory-changed I find completely implausible.

If you are doing this in the highly managed environment of an AWS (for example) datacentre, the network traffic is so highly managed that it seems that even if data is capable of being siphoned, your ability to trigger the siphon and retrieve anything is highly unlikely to be successful. It almost certainly would be unable to be contacted directly, even with insider help. This leaves the possibility that it is trained to "look" for certain data streams to activate. Again, as for how to exfiltrate, particularly if done in bulk across a whole datacentre, I can only imagine it would have to insert the data into what appears to be legitimate traffic, a sort of steganography. Trying to get anything coherent out of a vast number of servers operating in parallel seems both impossibly hard and highly likely to be detected.

Overall, my assessment is that this is likely to have been raised as a potential attack vector, has been validated by the various anonymous sources, but likely has never been attempted at the scales described.