
Does Your Motherboard Have a Secret Chinese Spy Chip?

How worried should you be about Chinese spies planting backdoors in your computer?

On Thursday, Bloomberg dropped a bombshell story claiming China has been secretly adding tiny microchips to server motherboards manufactured in the country in an effort to spy on US companies like Amazon and Apple.

According to security researchers, the supply chain attack outlined in Bloomberg's reporting is plausible. The only problem is the lack of evidence. So far, no one has released details of this Chinese spy chip. Nor has anyone ever publicly reported finding it.

It hasn't helped that Apple, Amazon, and the manufacturer of the motherboards, Super Micro, have all vehemently denied the reporting in Bloomberg's news story, sparking confusion over how real the threat is. That could mean one of two things: Either Bloomberg's story is wrong or China has managed to pull off this supply chain attack for years, undetected.

Whatever the case may be, security researchers are hopeful they'll get to the bottom of the mystery in the coming weeks. Many have been digging through and analyzing the server motherboards from Super Micro, with the goal of finding any unusual activity or actual presence of a secret spy chip. However, if the hidden backdoor is real, chances are China used it selectively to prevent detection. The chip itself also wouldn't be easy to find, according to Joe Fitzpatrick, a researcher at SecuringHardware.com.

"With hardware access, there are plenty of ways to backdoor a server," he wrote in a blog post, outlining the threat. "Someone knowledgeable could quickly pick out a dozen well marked places malicious firmware could hide on a board and dozens of more components large enough to contain a capable implant inside them."

The attack described in Bloomberg's reporting suggests that the spy chip was designed to exploit the Baseboard Management Controller (BMC) onboard the motherboards. This controller is quite powerful; it can let a remote administrator control the computer and modify the existing firmware on the system for malicious purposes. According to Bloomberg, Chinese spies used this access to open a back door into company servers and take over their processes.

"Almost no one that buys servers bothers to look closely and fully understand the BMC firmware image in their systems, so this would likely have remained undetected by end customers," said Ian Pratt, president of the cybersecurity firm Bromium, in an email.

That said, there is a way you could detect the presence of the chip: it would eventually need to "phone home" to the Chinese spies by communicating to them over the internet. IT administrators with full network monitoring on their servers would've noticed the suspicious traffic.

"This communication with the (command and control) server is vulnerable to observation, and is quite likely how the implant was discovered — rather more probable than someone spotting the tiny extra chip," Pratt added.
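The network-side check described above, sketched as an added example (it is not from the article or from anyone quoted in it): flag any flow that leaves a BMC management address for a destination outside the ranges a BMC is expected to talk to. The subnets, the record format and the flow lines are constructed assumptions for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumptions (site-specific, not from the article): BMCs sit on a dedicated
# management subnet and should only reach internal admin, NTP and syslog hosts.
BMC_NETS = [ipaddress.ip_network("10.20.0.0/24")]
ALLOWED_PEERS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed flow records: timestamp,src,dst,dst_port,bytes
SAMPLE_FLOWS = """\
2018-10-05T01:00:02Z,10.20.0.11,10.1.1.5,514,420
2018-10-05T01:00:09Z,10.20.0.11,203.0.113.77,443,1880
2018-10-05T01:03:41Z,10.30.4.8,198.51.100.20,443,90211
2018-10-05T02:00:10Z,10.20.0.11,203.0.113.77,443,1912
2018-10-05T02:14:55Z,10.20.0.12,10.1.1.9,123,76
not,a,valid,record
"""

def in_any(addr, nets):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in nets)

def find_bmc_egress(flow_text):
    """Map (bmc_ip, dst_ip, port) -> (flow_count, total_bytes) for BMC flows
    whose destination is outside ALLOWED_PEERS."""
    hits = defaultdict(lambda: [0, 0])
    for row in csv.reader(io.StringIO(flow_text)):
        try:
            _ts, src, dst, port, nbytes = row
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port, nbytes = int(port), int(nbytes)
        except ValueError:
            continue  # malformed record: wrong field count or unparsable value
        if in_any(src_ip, BMC_NETS) and not in_any(dst_ip, ALLOWED_PEERS):
            entry = hits[(src, dst, port)]
            entry[0] += 1
            entry[1] += nbytes
    return {key: tuple(val) for key, val in hits.items()}

if __name__ == "__main__":
    for (src, dst, port), (count, total) in find_bmc_egress(SAMPLE_FLOWS).items():
        print(f"BMC {src} -> {dst}:{port} flows={count} bytes={total}")
```

Repeated small flows from one BMC to the same outside address, as in the constructed sample, are the pattern worth escalating; ordinary server traffic from non-BMC addresses is deliberately ignored.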

Nicholas Weaver, a computer scientist at UC Berkeley, said he expects we'll see "independent confirmation of this attack within a few weeks," given that Bloomberg claims close to 30 companies were targeted. "Corporations are going to start testing their Super Micro servers for unusual communications or internal connections — and if anything is discovered, at least one analysis will probably be made public," he wrote in a blog post.


Also, if the threat is real then US authorities, such as the National Security Agency, should be alerting potential victims. After all, the attack is no longer a secret, he said. But both the NSA and the FBI have so far declined to comment on the alleged supply chain threat.

On Friday, the UK's National Cyber Security Centre also cast some doubt on Bloomberg's story. "We are aware of the media reports but at this stage have no reason to doubt the detailed assessments made by AWS (Amazon Web Services) and Apple," it said in an email. "The NCSC engages confidentially with security researchers and urges anybody with credible intelligence about these reports to contact us."

What happens if the chip is found? It'll underscore a key vulnerability with US industries outsourcing their electronics manufacturing to China, a risk that the security community has been warning about for years. So don't be surprised if the Trump administration uses the incident to ramp up the ongoing trade war between the two countries. This past week, US Vice President Mike Pence called on US companies to avoid doing business in China if it means handing over valuable technology to their local Chinese counterparts.
