More Accusations of Chinese Spy Chips
Spies based in China have been planting secret chips inside electronics destined for the USA, according to Bloomberg, in a highly coordinated hacking project.
The website reports that tiny microchips appear to have been added to motherboards at the point of manufacture, and those motherboards have ended up in servers in some of the most sensitive government departments in the USA.
Over the last three years, the FBI has been investigating the likely origin of chips discovered after various companies reported their suspicions. In some cases, the chips were actually found on the motherboards. In other cases, strange network activity apparently caused alarm.
Some of the companies that reportedly received hacked hardware have denied that the allegations are true.
Factory Spy Chips
The suspicious microchips appear to have been designed to be as undetectable as possible. Not only are they tiny, around the size of a grain of rice, but they also look like other components at a glance.
In Amazon’s data centres in China, chips were allegedly found sandwiched between layers of fibreglass.
But despite being difficult to spot, the chips were able to change the instructions sent to the processor in a server, as well as opening up a communication channel with a remote computer.
The affected motherboards appear to have been made in factories owned by Supermicro, one of the world’s most prominent manufacturers. The FBI believed that three Supermicro suppliers were responsible for placing the hacked hardware in data centres run by the US Department of Defense, NASA, and several large US companies including Apple. Apple denies this.
Since the report was fully published, more acqusations have been made against Supermicro, with further investigations taking place.
Bloomberg also says Amazon felt that it was unable to remove the servers because it would alert the hackers to their discovery. Instead, they started monitoring their network traffic. It also claims Apple discovered the chips when it found unusual communication from its servers. Both companies say that they found nothing suspicious.
What Does it Mean For Consumers?
If this story is true, the goal appears to have been to hack into corporations and to obtain government intellectual property. US investigators believe that the People’s Liberation Army are behind the scheme. And the servers affected are known to have been used in data centres processing sensitive video footage, such as feeds from drones.
Clearly, it raises questions about the security of hardware manufacturing in China, where 75% of the world’s electronic devices are made. One of the main concerns raised is that companies are now so desperate for massive, low-cost manufacturing capacity that they’re compromising on security to get it, especially heading into the financial uncertainty of 2019.
Right now, there is probably little motivation for spies to implant these kinds of chips in consumer devices. However, if those devices were destined for a particular organisation or business, and there was potentially value to modifying them in a similar way, then we could all potentially be at risk.
Since the report was fully published, more accusations have been made against Supermicro, with further investigations taking place.