“It’s not magical. It’s not impossible. I could do this in my basement.”
Spy chips- In context: Almost a year to the day after Bloomberg reported that the US government, Apple, Amazon, and others had their servers compromised by China, a security researcher has shown a similar hack can be pulled off with $190 worth of tools and a $2 chip.
Citing six senior national security officials and several higher-ups within Apple and Amazon, Bloomberg claimed that the manufacturing facilities constructing Supermicro motherboards had been infiltrated by a branch of China’s People’s Liberation Army. The PLA was reportedly adding a rice grain-sized chip capable of monitoring and altering communications with the motherboard’s BMC (baseboard management controller). The compromised motherboards had allegedly been sold in the tens of thousands to US customers, who could all, theoretically, be leaking their data to China.
Supermicro, Apple and Amazon all denied claims that they’d discovered the chips vehemently, the NSA said the threat was a false alarm, and the debate ended there. Last December, however, the hack was proven possible by Trammell Hudson, who’d found a spot on the Supermicro motherboard where a tiny chip could replace a small resistor and remain unnoticed. He connected a proof-of-concept chip only slightly larger than the resistor through external wires and completed the hack, concluding that anyone with a fab would be able to do a better job and remain undetected.
“For an adversary who wants to spend any money on it, this would not have been a difficult task,” Hudson says.
Monta Elkins, who’s the “hacker-in-chief” for security firm Foxguard, can do it without the budget. Elkins, who’ll be formally presenting his work at the CS3sthlm security conference this month, was able to gain control over a Cisco ASA 5505 firewall server with a chip lifted from a $2 Digispark Arduino board. He assembled his hack using a $150 hot-air soldering tool and a $40 microscope.