rayiner | 7 years ago
I feel like this article reflects some significant technical confusion. The BMC is supposed to be on a trusted network inaccessible from the outside. I've always viewed authentication on the BMC as being like the numeric lock on luggage--it's designed to keep honest people honest, not for real security. Being able to bypass the BMC security is really not a big deal. What the Bloomberg article says about the hardware exploit is much worse:
> > The rogue instructions, Bloomberg reported, caused the BMCs to download malicious code from attacker-controlled computers and have it executed by the server's operating system.
It's using the fact that the BMC has unfettered access to the rest of the machine to compromise the code running on the server itself. That's valuable even if the BMC itself is on a private network inaccessible to the attacker.
justinjlynn | 7 years ago
There is no such practical network which remains such a network for long. All networks must be assumed to be byzantine as they certainly will be compromised at some point, if they're not already.
fulafel | 7 years ago
It's quite incompetent and negligent to put network connectors on servers that cause spectacular failures when exposed to a network.
A valid conclusion might indeed be to stop them being accessible from the outside, by installing such server boards in a network-topologically secure location such as a landfill.
stephengillie | 7 years ago
BMCs like DRAC or iLO are invaluable when you have hundreds or thousands of fresh servers with no OS. The BMC lets you mount an OS or hypervisor ISO in a way reminiscent of DaemonTools et al., and update BIOS and other firmware from a shared network folder. I'm pretty sure there's even an API to develop against.
X-Istence | 7 years ago
Except that in many cases the BMC is exposed to the internet, especially in situations where you get a dedicated server from somewhere and they want to give you low-level access to make changes to the server you are renting.
I know of at least 2 places where this is still the case (that or a remote IP KVM...).
The BMC should be on a trusted network, but most likely isn't.
If Supermicro boards are bug-ridden, then I'd expect other manufacturer's boards to be equally bad or worse. I don't have a reason to defend Supermicro or some such, but where else in retail do you get specialized server boards like Supermicro sells? When Opteron was relatively new in 2004, I bought a two-socket board from Supermicro as the alternatives from well-known Taiwan manufacturers (ASUS, MSI, etc.) weren't as sophisticated (hadn't the PSUs and PSU connectors, power ratings, and rack-mount/tower convertible enclosures).
toss1 | 7 years ago
> Supermicro boards were so bug ridden, why would hackers ever need implants?
Ummm, because if you need your hack to be reliable, you can't rely on someone else's bugs to be there when you need them. You never know when they'll be fixed, or just replaced by new bugs.
A long time ago when setting up computers and networks was driver version hell, we had a short list of manufacturers' computers that we'd do setup included in the price instead of on-the-clock. This came about when a shipment of about 20 Dell computers, all supposedly of the exact same model# and revision, required about 11 different setups, because the various chips on the board were different. They were clearly just using the chip-of-the-week from whatever supplier was cheapest -- great for their price points, but every variant required a different driver for some subsystem. So the list was created and Dell was not on it (it was IBM, Compaq, HP, DEC, to show when this was).
That's solved now by hiding it with the much more automated OS and networking setups, but it is easy to see how the Chinese spies would be in the same situation -- some buggy boards are wonderfully exploitable, but how do you tell that the version going to your target wasn't changed by some revision that wasn't even noted in the Rev- listings? Better to insert your own bug if you want to actually get the job done.
mhjas | 7 years ago
I don't really see why everyone is calling this implausible. Modchips have been around for at least 15 years. The idea of the clipper chip is 25 years old. At every hacker conference there are people "hacking" devices by various buses or interfaces.
If there is anything working against the Bloomberg story it is that it is too plausible. Often reality clashes with imagination, but the Bloomberg story contains almost everything you could imagine happening.
gvb | 7 years ago
It isn't implausible because of it being difficult and expensive, it's implausible because there already exist much easier, cheaper, and (arguably) harder to detect ways of subverting SuperMicro motherboards.
As a bonus, subverting the BMC firmware is much harder to trace to the source since it could be injected in so many ways by so many different people.
Why use a thermonuclear device when a hand grenade accomplishes the goal?
trhway | 7 years ago
Often reality follows [somebody's] imagination - I mean you have those think tanks where people sit and imagine things, and the sponsoring agencies like CIA/Pentagon/NSA or their foreign equivalents take many of those and implement them. Many people everywhere had the thought of full remote control of the computers - Intel implemented it as the Intel ME feature of the CPU because Intel controls the CPU. China controls motherboards, so they did it on the motherboards.
ryanmarsh | 7 years ago
How much has the US spent on the F-35? How much has China spent on making artificial islands? Yet engineering a chip and bribing/threatening a few factory workers is beyond the pale?
throwaway290342 | 7 years ago
Okay, crazy tinfoil hat time: what if this story is a plant from a particular part of the Chinese government (like PLA Unit 61398), designed to give the impression of the ability to disrupt global supply chains and to build respect through fear?
If all of these unnamed sources are unnamed because they were adversarial members impersonating government officials, then it would make a little more sense why current government bodies are not just staying mum, but actually denying knowledge of the story.
With software attacks being much more feasible than a hardware attack, as the Ars article points out, it would also mean that the vehement denials from affected companies would be true as well. The whole thing could be a large disinformation campaign to strike at the very core of what many would otherwise consider reasonable security.
saudioger | 7 years ago
I can't cite this case specifically, but normally it would be incredibly difficult to impersonate a government official as a source.
In my experience verifying a source means weeding out that possibility before publishing... e.g., cross-checking data from a third party (background checks, employment history, social media accounts, public records), then photos of credentials, video chats, etc. Then you cross-reference information with other sources on the story, etc... conspiracy is possible, but unless Bloomberg is inflating the number of sources it has, it would have to be a massive undertaking (state-sponsored).
Anonymous doesn't typically mean someone just calls up and says something and then it's off to the presses. They know exactly who gave them the information, but they're protecting the identities.
Maybe claims of "fake news" would be a lot less common if more people knew what went into verifying information before a major news outlet publishes a story.
jack6e | 7 years ago
But the effect of that would be to cause massive distrust of Chinese suppliers and cause a shift away from electronics being produced there. IC and cyber experts generally identify the Chinese as using intelligence operations for primarily economic purposes, as compared to Russian/Iranian/North Korean objectives being military or political. A Chinese military intelligence agency using cyber espionage to intentionally disrupt one of the most significant export industries of the Chinese economy does not seem likely, nor does it seem to provide such an out-sized strategic benefit as to be worth the economic cost.
jmull | 7 years ago
I think it's plausible there's a disinformation campaign behind this strange story and that Bloomberg were the eager dupes.
But unnamed sources are known to the reporters and as "senior national security officials" they should be easy to verify and difficult to fake.
My guess is it's a subgroup of one of the agencies running a relatively independent operation to boost distrust of China. A rather inexperienced or at least incompetent group, based on how awkwardly it's gone over.
(Not that I've come to any conclusions... I think there's more info to come on this.)
It seems like this would be a really bad idea. Scaring companies away from buying Chinese-manufactured products couldn't possibly be worth the respect through fear.
freeflight | 7 years ago
No need for that much tinfoil, this came in parts straight from the Pentagon [0] and Bloomberg's "specialist", Tavis Ormandy, turned out to have a vested interest in selling "cyber security" related products aimed at supposedly fixing exactly these kinds of supply chain problems [1].
Imho The Register also points out some interesting details about this whole thing [2]
It's not really that surprising, fits perfectly into Trump's narrative of "They took our manufacturing, it's time to take it back to the US!". Gotta start somewhere, telling everybody China is selling a lot of bad apples seems like a simple enough start.
HillaryBriss | 7 years ago
One researcher criticizes this type of hardware attack, saying:
> Once discovered, such an attack would be burned for every affected board as people would replace them.
But this article also points out a case where, even after SuperMicro had published a patch to a serious BMC firmware vulnerability, 32,000 servers in the wild had not been updated a year later.
So, if software updates aren't always speedily/reliably deployed in the wild by customers, can we really expect hardware to be speedily replaced?
mannykannot | 7 years ago
While I don't think Bloomberg's story looks very plausible, perhaps one motivation for cryptic hardware modification at a time when firmware weaknesses were being discovered might be precisely because the easier-to-exploit firmware weaknesses were being discovered, and so might not be exploitable much longer? It might not have seemed plausible that the vulnerabilities would be discovered but then not fixed to the extent that, it turns out, they were not.
ryanmarsh | 7 years ago
> "There are so many far easier ways to do the same job. It makes no sense—from a capability, cost, complexity, reliability, repudiability perspective—to do it as described in the article."
Considering the US went to the trouble of wiring the North Atlantic for sound to catch Russian submarines during the cold war, and tapped undersea cables using divers and submarines, this is so implausible for a nation state? Large state actors specialize in activities for national defense that make "no sense—from a capability, cost, complexity, reliability, repudiability[sic] perspective".
While it's ultimately going to help to shame vendors regarding their poor security practices, it's really irritating and unfortunate this is all being framed as a Supermicro issue. How about the other companies in the same market space, like Tyan, that I'm sure are no better? For that matter how about the "Tier 1" OEMs like Dell and HP - how well-written are their BMC firmwares?
zelon88 | 7 years ago
Not saying I believe in one side or the other, but from a standpoint of avoiding detection I think firmware hacking goes out the window.
A deep-pocketed attacker isn't going to risk flashing the firmware with a non-OEM one on a brand new board leaving the factory. That probably gets quality inspected somehow later on anyway whereas a visual inspection is just a rubber stamp (i.e., OK if the box isn't crushed or wet).
Not to mention a customer in the field who experiences problems is likely to report their firmware version to Supermicro support, whose poking around could expose the entire project.
There was an article recently about how hardware is "magic" and the IT world mostly takes it for granted. Putting an extra chip on the board but making it completely transparent to software debugging techniques is the best way to go. The board is almost certainly going to be flashed at least once and probably audited several times in its lifespan by IT, but the hardware is never going to get more than some compressed air blown on it. Nobody repairs these things at the component level on a scale that matches how frequently firmware gets flashed or checked out.
eridius | 7 years ago
Maybe for smaller companies, but Apple is very paranoid and AIUI does indeed inspect the hardware to make sure it hasn't been tampered with. I know less about Amazon in this regard but I would expect Amazon to do at least some level of hardware inspection to detect tampering as well.
jiveturkey | 7 years ago
Very fair article. Raises doubt in a very productive way, not the he-said she-said of previous rebuttals.
I'd go further to say it isn't just about the accuracy of the Bloomberg piece, but implies bad things about their journalistic integrity. I mean, get real, Ars doesn't have an investigative journalism team. The one-sidedness of the Bloomberg article becomes very apparent.
rbanffy | 7 years ago
It depends on what you want to do. If you want to extract information from a specific network, maybe custom firmware is a good option.
If you want to just disable a very large number of machines to create economic damage or cripple infrastructure, a hardware implant would do just fine. And you wouldn't need to be very careful as to where it ends - if you make enough of them, they'll be everywhere.
If 1% of all MacBooks have a similar backdoor, there are about a dozen at my building.
csours | 7 years ago
BMC bug story time: I was working on automating health checks, and I needed some information from a BMC. The information was provided in XML format... fixed width. It's like something produced the document, and then output it to console, then copied from console to web service output.
qaq | 7 years ago
I would guess that large companies are refreshing with known good firmware before deploying servers? So while the described approach is easier, it probably will not get the attacker as much.
vel0city | 7 years ago
Most BMC updates are handled in software on the BMC. You're giving the BMC a new image file to write and trusting the BMC to actually write it. Who's to say the BMC is dutifully writing that image to the flash memory? Who's to say it doesn't re-infect the image before writing?
Even if you do directly connect to the flash module and directly write to it through SPI, if the attack is being loaded by an additional module between the flash memory and the BMC, it could still inject additional data into the BMC's boot. If you're not physically listening to the SPI data being transmitted or know what to look for in the final environment of the BMC, you wouldn't know it had happened.
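A defender's counterpart to the point above, as an added example that is not from this thread or from any vendor tool: after reading the SPI chip with an external programmer, diff the dump against the vendor image while skipping regions that legitimately change, so that a silently re-infected write shows up as a concrete offset range rather than a mismatched checksum. The flash layout, region offsets and sample bytes are constructed for illustration; as the comment notes, this only verifies what is on the chip, not what an interposer on the bus would present to the BMC.

```python
"""Diff an externally dumped BMC flash image against the vendor image.

Added example, not the thread's or any vendor's code. The BMC is handed an
image and trusted to write it; the only independent view of the chip is a
dump taken with an external programmer (e.g. flashrom over a clip). Regions
that legitimately differ between boards (NVRAM, event logs) are listed as
ignore ranges so that the remaining differences are worth looking at.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Region:
    """Byte range [start, end) that may legitimately differ from the image."""
    name: str
    start: int
    end: int


@dataclass(frozen=True)
class Mismatch:
    """Contiguous run [start, end) where the dump differs from the image."""
    start: int
    end: int
    expected: bytes
    actual: bytes


def _ignored(offset: int, regions: Iterable[Region]) -> bool:
    return any(r.start <= offset < r.end for r in regions)


def diff_flash(expected: bytes, actual: bytes,
               ignore: Iterable[Region] = ()) -> List[Mismatch]:
    """Return every contiguous byte range where `actual` (read straight from
    the SPI chip) differs from `expected` (the vendor file), skipping offsets
    inside an ignored region. If the images differ in length, the tail of the
    longer one is reported as a mismatch as well."""
    regions = tuple(ignore)
    n = max(len(expected), len(actual))
    out: List[Mismatch] = []
    run_start: Optional[int] = None
    for i in range(n + 1):          # one extra step flushes a trailing run
        e = expected[i] if i < len(expected) else None
        a = actual[i] if i < len(actual) else None
        differs = i < n and e != a and not _ignored(i, regions)
        if differs and run_start is None:
            run_start = i
        elif not differs and run_start is not None:
            out.append(Mismatch(run_start, i,
                                expected[run_start:i], actual[run_start:i]))
            run_start = None
    return out


def image_matches(expected: bytes, actual: bytes,
                  ignore: Iterable[Region] = ()) -> bool:
    """True when nothing outside the ignored regions differs."""
    return not diff_flash(expected, actual, ignore)


# Constructed sample layout (not a real Supermicro flash map): a 64-byte
# boot block, a 9-byte kernel marker, then 32 bytes of NVRAM.
VENDOR_IMAGE = bytes([0x5A] * 64) + b"BMCKERNEL" + bytes([0xFF] * 32)
IGNORE_REGIONS = [Region("nvram", 73, 105)]

# Constructed dump: the boot block was altered (should be reported) and the
# NVRAM was written by normal BMC operation (should be ignored).
_dump = bytearray(VENDOR_IMAGE)
_dump[10:14] = b"\xDE\xAD\xBE\xEF"
_dump[80:84] = b"cfg1"
TAMPERED_DUMP = bytes(_dump)


def demo() -> List[Mismatch]:
    """Diff the constructed dump against the constructed vendor image."""
    return diff_flash(VENDOR_IMAGE, TAMPERED_DUMP, IGNORE_REGIONS)


if __name__ == "__main__":
    for m in demo():
        print(f"0x{m.start:06x}-0x{m.end:06x}: expected {m.expected.hex()} "
              f"got {m.actual.hex()}")
```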
bdamm | 7 years ago
You would guess wrong because a) large companies are profit motivated and that is a cost that can be cut and b) even if you "refresh" firmware, what actually is happening in there? You don't really know, so the "refresh" may not be as effective at wiping out the attack as you had hoped.
xkcd-sucks | 7 years ago
Okay, crazier lead-foil hat time: what if this story is a crappy hoax intended to discredit/prevent from publication a real story with similar details?
bdamm | 7 years ago
I don't follow. If anything it makes the parallel story easier to publish as a sort of "me too" (no disrespect.)
Maybe it takes away from the firmware hacking version of the story because now folks are looking at components as being the source of hacks and not the firmware on the components, leading to a false sense of security when they invest mightily in analyzing components with X-rays? I could see that outcome as being plausible. If the ultimate outcome is simply to change corporate priority towards futile component verification and away from firmware verification then indeed the firmware verification vector remains safe for the attacker.
alexeiz | 7 years ago
The purpose of this whole thing was to manipulate the market. Super Micro stock fell 50% and still has not recovered since October 4th. Before the report its trading volume was invisible. After the report the volume experienced almost 2 orders of magnitude increase.
amelius | 7 years ago
After it left the factory. But can't the firmware be installed by someone while the board is in the testing phase?
nakedrobot2 | 7 years ago
A better tinfoil hat theory is that the whole story was fabricated by Russia, to (you know, as always) sow chaos.
[0] https://s3.amazonaws.com/static.militarytimes.com/assets/eo-...
[1] https://web.archive.org/web/20170721190725/http://www.sepio....
[2] https://www.theregister.co.uk/2018/10/04/supermicro_bloomber...
zbentley | 7 years ago
I understand what they mean, but that sentence still hurts to read.