By now, everyone knows the premise behind two unconfirmed Bloomberg articles that have dominated security headlines over the past week: spies from China got multiple factories to sneak data-stealing hardware into Supermicro motherboards before the servers that used them were shipped to Apple, Amazon, an unnamed major US telecommunications provider, and more than two dozen other unnamed companies.
Motherboards that wound up inside the networks of Apple, Amazon, and more than two dozen unnamed companies reportedly included a chip no bigger than a grain of rice that funneled instructions to the baseboard management controller, a motherboard component that allows administrators to monitor or control large fleets of servers, even when they’re turned off or corrupted. The rogue instructions, Bloomberg reported, caused the BMCs to download malicious code from attacker-controlled computers and have it executed by the server’s operating system.
Motherboards that Bloomberg said were discovered inside a major US telecom had an implant built into their Ethernet connector that established a “covert staging area within sensitive networks.” Citing Yossi Appleboum, a co-CEO of a security company reportedly hired to scan the unnamed telecom’s network for suspicious devices, Bloomberg said the rogue hardware was implanted at the time the server was being assembled at a Supermicro subcontractor factory in Guangzhou. Like the tiny chip reportedly controlling the BMC in Apple and Amazon servers, Bloomberg said the Ethernet manipulation was “designed to give attackers invisible access to data on a computer network.”