Reply to post: Re: Only just passes the plausibility test for me...

Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?

doublelayer Silver badge

Re: Only just passes the plausibility test for me...

You are right about a lot of this, but have missed a few points:

It would indeed burn itself out and use too much power if running at CPU speeds. It doesn't need to. If the story is correct, it only needs enough processing to inject code into a serial line. That takes a lot less power. After this, the CPU handling the BMC handles all the work.

It probably wasn't (if it exists) created by the factory. Instead, the plans would have been created elsewhere, and a slight modification to the process would be necessary. I don't know much about the organization of Chinese motherboard factories, but if I had plans that were almost identical, I assume the factory could build them just as well.

The point about monitoring internet traffic is a good one. I don't have a great explanation for how that worked. The best I can come up with is that you could set up an image on such a system that could interact with the firmware and exfiltrate information into that VM, then hide the data as it is sent out from that VM with other expected traffic. Still, that's hard. If it actually exists and was used (it could be a sleeper system for some purpose), perhaps some network traffic systems aren't as thorough as we hope.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020