
On Oct 4th, Bloomberg rocked the world with a report that claims Chinese spy agencies worked with sub-contractors in China to insert a small, rice grain-sized chip into motherboards that were assembled for SuperMicro. All the details (almost a 20 minute read) are in this Bloomberg news article. Now widely referred to as the Chinese spy chip, the alleged implant has raised many questions about its implications.
Here are 6 frequently asked questions about the Chinese spy chip situation:
- When were the Chinese spy chips first discovered? How come nobody detected the Chinese spy chip on the motherboard?
The chip is believed to have been detected almost 3 years ago, after AWS acquired a company named “Elemental Technologies”, which is based in Portland, Ore.
The chip is allegedly the size of a grain of rice, and the allegation is that a subcontractor in China was probably coerced by the Chinese military into inserting the small chip into server motherboards. This is what the report calls supply-chain infiltration. None of the many companies involved in the supply chain had a way to detect that an extra chip had been inserted.
- What does the Chinese spy chip do?
All servers have motherboards. The CPU and memory are all connected to the motherboard. The spy-chip was allegedly inserted into the motherboard and hence has access to CPU and memory. Thus the chip would be capable of manipulating system memory and injecting code or instructions into the system memory, which could then get executed by the CPU, regardless of any software-level protection such as anti-malware technology.
Even more dangerous is the fact that the chip could also connect to the network and download instructions from a remote rogue server, thus creating a “backdoor entry” to the servers and hence to the enterprise or cloud network.
- How does the Chinese spy chip “backdoor” work?
The chip could be designed to call back to “command and control” servers controlled by the chip’s creators. From those servers the chip could download instructions telling it to perform specific actions crafted against a specific target.
Over a period of time, different pieces of a large malware code could be downloaded via this backdoor. Such instructions could cause exfiltration of sensitive data, corruption of data, or result in denial of service.
- What kind of attacks are possible due to the Chinese spy chip?
The fact that the chip could download instructions from remote servers is very scary. Imagine the following scenarios:
- If some of the servers that are being used at a major stock exchange have these chips, the chips could download code/instructions to play havoc with the software that runs the exchange’s central trading infrastructure. One hypothesis is that once you are in the server, the data corresponding to various tickers could be manipulated.
- The servers that control the power grid, gas and oil pipelines, and industrial control processes and operations could be manipulated and sabotaged.
- Imagine a rogue piece of software gaining entry to Apple iCloud, AWS servers, or Gov Cloud. The backdoor would allow rogue elements to steal sensitive data, corrupt critical data, and manipulate important data.
- What impact does the Chinese spy chip have on enterprises?
It’s highly unlikely that nation-state actors would go after most businesses. They would most likely target large government institutions, as well as large enterprises such as cloud providers, social media sites, news media, utilities, and government contractors. But theoretically, the backdoor allows bad actors to inject malware to manipulate, steal, or destroy critical data from anyone, anywhere, at any time.
Even the backups of enterprise data could be impacted. Imagine a backup appliance that has been built using SuperMicro servers. Those chips potentially could give rogue elements access to the backup data as well as allow that backup data to be silently manipulated or destroyed.
- What can be done now about the Chinese spy chip?
The Bloomberg report just came out on Oct 4th. The investigation has allegedly been going on for almost 3 years. Apart from the Bloomberg report, not many details have been published. And this is not an easy problem to solve.
The big problem is that the supply-chain network for appliance manufacturing has many players in it. It’s almost impossible to inspect each contractor and subcontractor in various countries.
Is it possible that chip / motherboard manufacturing will come back to the US to have better controls and scrutiny in place? Maybe. But even that will be a long process.
Better network traffic analysis has the potential to identify such backdoor communication, but not everybody has the resources that AWS or Apple has to detect what is tantamount to a “needle in a haystack”, as described in the Bloomberg report.
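The kind of traffic analysis mentioned above usually starts with a search for beaconing: a host that keeps contacting the same external address at nearly fixed intervals. The script below is an added example written for this post, not code from Bloomberg, SuperMicro, AWS, or Apple. It runs over a constructed set of connection records (documentation IP ranges, made-up timestamps) and flags any source/destination/port series whose inter-connection gaps are regular enough to look like a callback schedule. Thresholds such as `min_connections` and `max_jitter` are illustrative choices, not values from the report.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample flow records (not from the Bloomberg report). One record per
# outbound TCP connection: "<ISO-8601 timestamp> <src_ip> <dst_ip> <dst_port>".
# Host 10.0.0.5 reaches 203.0.113.7:443 roughly every 600 s with a few seconds of
# jitter (a beacon-like pattern); its other connections are irregular user traffic.
SAMPLE_FLOWS = """\
2018-10-04T10:00:00Z 10.0.0.5 203.0.113.7 443
2018-10-04T10:00:41Z 10.0.0.5 198.51.100.20 443
2018-10-04T10:10:02Z 10.0.0.5 203.0.113.7 443
2018-10-04T10:13:17Z 10.0.0.5 198.51.100.21 80
2018-10-04T10:19:58Z 10.0.0.5 203.0.113.7 443
2018-10-04T10:22:05Z 10.0.0.5 198.51.100.20 443
2018-10-04T10:30:01Z 10.0.0.5 203.0.113.7 443
2018-10-04T10:40:00Z 10.0.0.5 203.0.113.7 443
2018-10-04T10:45:33Z 10.0.0.5 198.51.100.20 443
2018-10-04T10:49:59Z 10.0.0.5 203.0.113.7 443
2018-10-04T11:00:03Z 10.0.0.5 203.0.113.7 443
2018-10-04T11:05:10Z 10.0.0.6 198.51.100.20 443
2018-10-04T11:07:44Z 10.0.0.6 198.51.100.22 443
"""


def parse_flows(text):
    """Parse the flow text into (timestamp, src, dst, dport) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        flows.append((when, src, dst, int(dport)))
    return flows


def find_beacons(flows, min_connections=5, max_jitter=0.05):
    """Return {(src, dst, dport): mean_gap_seconds} for every connection series
    that is long enough and whose inter-connection gaps are regular.

    Regularity is measured as the coefficient of variation of the gaps
    (population stdev / mean); a perfectly periodic callback scores 0.0.
    """
    series = defaultdict(list)
    for when, src, dst, dport in flows:
        series[(src, dst, dport)].append(when)

    beacons = {}
    for key, times in series.items():
        if len(times) < min_connections:
            continue  # too few samples to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap <= 0:
            continue  # duplicate timestamps; nothing to measure
        jitter = statistics.pstdev(gaps) / mean_gap
        if jitter <= max_jitter:
            beacons[key] = round(mean_gap, 1)
    return beacons


if __name__ == "__main__":
    for (src, dst, dport), gap in find_beacons(parse_flows(SAMPLE_FLOWS)).items():
        print(f"possible beacon: {src} -> {dst}:{dport} every ~{gap}s")
```

On the constructed data only the 203.0.113.7:443 series is flagged, at a mean gap of about 600.5 seconds. In production the same logic runs over NetFlow or proxy logs, and two refinements matter: legitimate heartbeats (NTP, monitoring agents, update checks) also beacon and need an allowlist, and a careful implant can randomise its callback timing or blend into the host's normal destinations, which is why the report's "needle in a haystack" framing is apt; interval analysis narrows the search, it does not finish it.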
One thing is for sure: The area of networking, cloud, security, internet of things, design and manufacture of appliances, and supply-chain network will be scrutinized in the next few months.