
Breakfast Bytes Blogs

Paul McLellan
4 Oct 2018

EXTRA: Did the Chinese Really Attach Rogue Chips to Apple and Amazon's Motherboards?

Today, Bloomberg's BusinessWeek (BW from now on) published a story, The Big Hack: How China Used a Tiny Chip to Infiltrate US Companies. The big question is whether they actually did or not. If they did, then this is the most brazen security breach that anyone knows about.

It is worth reading the whole article. Since the article is written by people who don't seem to understand either semiconductors or printed circuit board manufacture, it is hard for me (and probably you) to make up our minds. All the people involved are anonymous and are supposedly ex-employees of the CIA and NSA.

Both Apple and Amazon have denied it in pretty strong terms. Here is Apple's official statement:

We are deeply disappointed that in their dealings with us, Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple.

Apple went further and published an entire rebuttal on their website later in the day. You can read the whole thing. One key paragraph is unequivocal:

On this we can be very clear: Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.

Obviously, Apple has been responding to news organizations all day, and the last paragraph says:

Finally, in response to questions we have received from other news organizations since Businessweek published its story, we are not under any kind of gag order or other confidentiality obligations.

Now that's a denial! It never happened, and we are not saying so just because we have been told we have to.

Given all of the facts that came to light as a result of the Snowden disclosures that were previously denied by the NSA, the fact that there is official denial all-round may or may not mean anything. One theory is that the whole thing has been hushed up (too embarrassing?) and made secret, and all the companies are being good citizens and issuing denials as instructed. But the Apple denial in particular goes a long way beyond "no comment" or even "it never happened."

Of course, another theory is that BW got it totally wrong and all the denials are correct. That would imply someone had a motive to create such an elaborate hoax.

What Supposedly Happened?

The basic story is that San Jose company Supermicro makes motherboards for many companies, including (at least in the past) Apple, Amazon, and the Department of Defense. The actual assembly of the motherboards is done in China, using a web of subcontractors. The tiny chip was allegedly added to the motherboards, and since it is colored grey it looks more like a surface-mount device. In BW's words:

Gray or off-white in color, they looked more like signal conditioning couplers, another common motherboard component, than microchips, 

That was the first version of the hardware hack. BW said that there was an even more sophisticated version:

In one case, the malicious chips were thin enough that they’d been embedded between the layers of fiberglass onto which the other components were attached, according to one person who saw pictures of the chips.

My Opinion

I find the whole story completely implausible. I can believe that it might be possible to sneak a component onto a PCB through a corrupt subcontractor. But for it to do any good, the entire board would have to be re-designed and re-manufactured. The part is small, so it could only connect to very few signals, and those signals would have to all be brought together in a small area of the board. The component is truly tiny (see the picture above from the BW article showing the size against a cent coin). Of course, you can get 100M transistors per square mm, so you can get a lot onto the chip. The problem is getting signals on and off the chip and into the system through the board.

I think it is simple enough to thin a semiconductor die to embed inside a multi-layer PCB. Sony's CMOS image sensor stack thins some of the die to less than 3um. But how would you connect it to enough of the right signals to be useful? Even if you assume, as the article does, that the main function of a chip like that is to allow the hardware to be penetrated and it is the payload so enabled that does the real dirty work, I still don't see how you could do that.

The article blithely assumes that if you can slip a chip onto a motherboard it is simple to fool a Linux system into not requiring passwords using the rogue chip, while only connecting to a handful of signals. It is not enough to connect to them passively (just to listen). But if the chip is doing something active (passing data through and occasionally changing it) then it has to run at speed, all the signal integrity issues need to be addressed, the power supply needs to be clean, and so on.

As Mythbusters used to say, "busted".

EXTRA EXTRA

One of the few pieces I can find by someone who knows what they are talking about is by security researcher "the grugq" who says here:

There's not much we can speculate about the modchip because the Bloomberg description of whatever it does is gibberish. 

Most reports are written by journalists who just do the US journalism school thing, where they report what BW said, and then what Apple and Amazon said, and don't attempt to analyze the credibility of any facts, or even try and talk to anyone who might provide any insight.

Despite my feeling that this is complete fiction (or, at best, a dramatic retelling of something that started as true but ended up as "gibberish" after passing through too many people), there is a real problem here. Supply chains might be compromised, and there is very little auditing to ensure that something like this couldn't happen. The "root of trust" for security starts in hardware, which often means it starts in some semi-anonymous assembly subcontractor in China.

If I was going to attempt an exploit like this, I'd try and hide it on a chip in some gates or IP. When IP blocks are millions of gates, how can you be sure that a few hundred have not been added? I can't find the post right now, but I wrote once about a Wally Rhines (DVCON?) keynote where he talked about asking "three letter agencies" if they were worried about IP being compromised, since verification is all about checking the block does what it is supposed to, and doesn't consider that the block might do stuff it is not supposed to. They apparently laughed, which Wally took to mean that they were doing that, so they assumed the other guys were too.

This story may or may not be fiction. But the basic idea, that the supply chain might be compromised and we have little protection against it, is not something that is going to go away.

 
