Reply to post: Re: Chinese agents slip spy chips into Super Micro servers

Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?

phuzz Silver badge

Re: Chinese agents slip spy chips into Super Micro servers

The report says that the component was designed to hack the BMC, which can already do everything that the IntelME can do and more. So yes, using a vulnerability in ME might well be easier than surreptitiously inserting a component, but it's not like most BMC's are any more secure, and would probably be a much easier target.

(They also don't mention what kind of CPU these boards had. They might have used AMD or even ARM CPUs, although given how many Intel based servers there are out there, it's unlikely)

Another possibility if you had some access to the boards during manufacturing would be to just swap the BIOS (or BMC, or a number of other chips) with one that contained some kind of malicious capability.

Basically, there's easier ways to do what is being claimed, and attacking IntelME is just one of them.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019