Report: In Huge Hack, Chinese Manufacturer Sneaks Backdoors Onto Motherboards

  /     /     /  
Publicated : 23/11/2024   Category : security


Report: In Huge Hack, Chinese Manufacturer Sneaks Backdoors Onto Motherboards


If true, the attack using Supermicro motherboards could be the most comprehensive cyber breach in history.



According to a new article in Bloomberg BusinessWeek, manufacturing plants in China implanted tiny network monitoring and control chips on motherboards made for U.S. manufacturer Supermicro. Supermicro motherboards are commonly used in white-box servers, including those purchased for data center use by companies like Amazon and Apple.
The article says that the chips were discovered during a due-diligence security survey conducted on computers manufactured by Elemental, a company making systems for high-speed data streaming. Worse yet, according to Bloomberg, Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.
Security researchers quoted in the piece say that the purpose of the chips is to change the operating system core so that it will accept externally sourced changes, opening a backdoor into the system that can be used for a variety of purposes. Amazon, Apple, and Supermicro have all
denied the details
of the article, though Bloomberg is standing behind its reporting and says that critical details have been corroborated by current and former government employees.
In a statement to Dark Reading, Joseph Carson, chief security scientist at Thycotic, said: We are one step away from a major cyber conflict or retaliation that could result in serious implications. However, what is clear is that it is a government behind this cyber espionage and I believe it is compromised employees with privileged access that are acting as malicious insiders selecting specific targets so the supply chain has been victim of being compromised. The motive will not be clear until exact details of the hardware chip is reversed to know what it is capable of and who are the victims since no one is owning up from any of the Supermicro’s customers.
Dark Reading will continue to follow this story as it develops.
For more, read
here

 
Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the
conference
 and
to register.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Report: In Huge Hack, Chinese Manufacturer Sneaks Backdoors Onto Motherboards