Editor’s Note: This article has been edited since it appeared earlier today, to reflect additional information published on Check Point’s blog.


A report by Bloomberg asserts that a tiny chip about the size of a grain of rice was planted on the motherboards of servers used by Apple and Amazon Web Services (AWS). According to unnamed intelligence officials and company sources, the affected hardware is used by about 30 companies and government agencies, and the chips are believed to have been planted by Chinese spies. Apple and Amazon both deny the claims.

The issue has been under US investigation since 2015, when, according to the report, Apple and AWS reported finding the rogue chips, something that both companies refute. As Ars Technica reports, the chips were embedded on Super Micro motherboards that are made in Taiwan and China. “The report alleges that the tiny chips, disguised to look like other components or even sandwiched into the fiberglass of the motherboards themselves, were connected to the management processor, giving them far-reaching access to both networking and system memory,” writes Ars.

US officials sketch out the hack this way, per the Bloomberg report:

  1. A Chinese military unit designed and manufactured microchips as small as a sharpened pencil tip. Some of the chips were built to look like signal conditioning couplers, and they incorporated memory, networking capability, and sufficient processing power for an attack.
  2. The microchips were inserted at Chinese factories that supplied Supermicro, one of the world’s biggest sellers of server motherboards.
  3. The compromised motherboards were built into servers assembled by Supermicro.
  4. The sabotaged servers made their way inside data centers operated by dozens of companies.
  5. When a server was installed and switched on, the microchip altered the operating system’s core so it could accept modifications. The chip could also contact computers controlled by the attackers in search of further instructions and code.

Hardware attacks are especially tough to pull off and require more investment than the more common software cyberattacks, notes Bloomberg. However, when successful, they offer longer-term, stealthy access that can be worth the investment.

The report explains that to infiltrate computer equipment, hackers have two choices: interdiction, which is the altering of devices in transit between manufacturer and customer; and planting modifications at the start of the supply chain, referred to as a ‘seeding attack.’

Quoting Joe Grand, a hardware hacker, Bloomberg writes, “Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow.”

In a blog post on its corporate site, Check Point Software observed that this type of cyberattack appears to fit the description of a fifth-generation attack: “large scale, sophisticated technology that attacks the target from multiple vectors (hardware, internet, OS – all vectors to target the data).”

Check Point also noted that with good perimeter security solutions and cooperation between government agencies and the cyber industry, these types of attacks are preventable and, in fact, could be addressed in minutes or seconds, versus years.

Super Micro, Apple, and AWS have categorically denied the assertions in the report in emailed statements to Bloomberg.

Read the Bloomberg report here and learn more about the buzz surrounding the report at Ars Technica.