Chinese government allegedly inserts tiny chip which backdoors networks all over the place https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
re-emphasizing "allegedly"... I'm getting more and more skeptical of this story
Looking at Twitter conversations about the contradictions between Bloomberg, Apple and Amazon, two theories have come up:
Theory 1: Story is untrue, someone in administration planted story or misled Bloomberg, perhaps to strengthen demands for sanctions against China (and/or to make money from shorting Supermicro)
Theory 2: Story is true, Apple and Amazon are under some kind of gag order that compels them to lie
@switchingsocial so either
a) it's true and all associated companies think it's a bigger technical risk to say nothing than to outright deny, despite a later reveal being sure to be hugely bad for them *and* it's a heck of an engineering feat for something that small or
b) it's not true
not saying a) isn't possible but b) seems more likely
@cwebber as to the chip's size, IPMI provides most of the functionality, could this just be a IPMI backdoor chip?
Given how insecure IMPI was, especially in this time frame, the chip could have just done some basic firewall bypass callout to let the attackers talk to the IMPI and they could have then simply hacked IMPI.