Chinese government allegedly inserts tiny chip which backdoors networks all over the place https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
It's amazing how contradictory the story and the denials are.
Apple doesn't have a lot of wiggle room if the story is true, and the journalist doesn't if the story is false.
@switchingsocial size of the chip shown is what has me most skeptical, given what it allegedly does?
@switchingsocial I actually don't doubt that there are many layers of backdoors in our systems.. heck, Intel ME is one well known one.
Not sure this is real though.
Looking at Twitter conversations about the contradictions between Bloomberg, Apple and Amazon, two theories have come up:
Theory 1: Story is untrue, someone in administration planted story or misled Bloomberg, perhaps to strengthen demands for sanctions against China (and/or to make money from shorting Supermicro)
Theory 2: Story is true, Apple and Amazon are under some kind of gag order that compels them to lie
@switchingsocial but if they're under a gag order why aren't they just saying nothing
Agreed, they seem to both be unusually stridently denying this. Doesn't sound like they're under duress.
@switchingsocial so either
a) it's true and all associated companies think it's a bigger technical risk to say nothing than to outright deny, despite a later reveal being sure to be hugely bad for them *and* it's a heck of an engineering feat for something that small or
b) it's not true
not saying a) isn't possible but b) seems more likely
@cwebber as to the chip's size, IPMI provides most of the functionality, could this just be a IPMI backdoor chip?
Given how insecure IMPI was, especially in this time frame, the chip could have just done some basic firewall bypass callout to let the attackers talk to the IMPI and they could have then simply hacked IMPI.