[0] - https://www.bloomberg.com/news/features/2018-10-04/the-big-h...
[1] - https://www.bloomberg.com/features/2021-supermicro/
[2] - https://www.schneier.com/blog/archives/2021/02/chinese-suppl...
[3] - https://www.theinformation.com/articles/apple-severed-ties-w...
His take was that it was very unlikely that it impacted exclusively Supermicro, though.
It was covered various places, including The Register https://www.theregister.com/2018/10/09/bloomberg_super_micro...
From what i recall, the story was very vague, there were no pictures of the specific chip, no pictures of the motherboard of the motherboard that would include serial, i.e. no details that would accompany a serious security research.
I thought it was supposed to be an incredibly tiny micro sitting on the bmc's boot flash to break inject vulnerabilities.
Bloomberg's tech coverage is not great from what I've seen. Last year they published a video which was intended to investigate GPUs being smuggled into China, but they couldn't get access to a data center so they basically said we don't know if it's true or not. Meanwhile an independent Youtuber with a fraction of the resources actually met and filmed the smugglers and the middlemen brokering the sales between them and the data centers. Bloomberg responded by filing a DMCA takedown of that video.
Something similar has been done in many video game console mod chips. IIRC, some of the mod chips manage it on an encrypted bus (which Bloomberg's claims do not require).
Here's one example of a mod chip for the PS1 which sniffs and modifies BIOS code in transit: https://github.com/kalymos/PsNee
"On PsNee, there are two separate mechanisms. One is the classic PS1 trick of watching the subchannel/Q data stream and injecting the SCEx symbols only when the drive is at the right place; the firmware literally tracks the read pattern with a hysteresis counter and then injects the authentication symbols on the fly. You can see the logic that watches the sector/subchannel pattern and then fires inject_SCEX(...) when the trigger condition is met.
PsNee also includes an optional PSone PAL BIOS patch mode which tells the installer to connect to the BIOS chip’s A18 and D2 pins, then waits for a specific A18 activity pattern and briefly drives D2 low for a few microseconds before releasing it back to high-impedance. That is not replacing the BIOS; it is timing a very short intervention onto the ROM data bus during fetch."
Multiple security companies looked into this and found nothing malicious.
I don’t think it’s real. Yes, it’s plausible. But first of all, if someone actually surreptitiously put malicious chips onto motherboards en masse, we would have seen a photo of the alleged chip already. And second, there are easier, more effective, and less obvious ways of adding backdoors to networking equipment.
https://www.schneier.com/blog/archives/2018/11/that_bloomber...
HNers are acting reflexively skeptical (which isn't always a bad thing), but targeted supply chain based attacks conducted by a nation statein the manner described are actually doable, and back when I was still a line-level SWE this was when we started putting significant engineering effort into hardware tampering protections back in the 2015-17 period.
The hardware supply chain incident itself most likely happened in the late 2000s to early 2010s when hardware supply chain security wasn't top of mind as an attack surface.
Modchips targeting contemporaneous gaming systems like the PS1 and PS2 use a similar approach to the SuperMicro incident.
Yep. This was why there was a significant movement around mandating Hardware BOMs in both US and EU procurement in the early 2020s.
Also, the time period that the Bloomberg story took place was the late 2000s and early 2010s, when hardware supply chain security was much less mature.
It's still nothing concrete, though. Their CEO basically said that they'd found one and that they couldn't say much more about it due to an NDA.