nanog mailing list archives
RE: bloomberg on supermicro: sky is falling
From: "Naslund, Steve" <SNaslund () medline com>
Date: Thu, 4 Oct 2018 21:00:57 +0000
It is definitely more desirable to try and tap a serialized data line than the parallel lines. The thing that made me most suspicious of the article is why would anyone add a chip. It requires power and connections that are highly detectable. Motherboard designs are very complex in the characteristics of data buses so it is not so easy to just extend or tap into them without having negative effects (which brings the board under scrutiny that we don't want). Why not embed our rogue chip inside the case of a chip that is already controlling the bus or memory we want to play with? It would be really hard to detect without x-ray of all of the system chipsets.

The other thing I am highly skeptical of is the suggestion of attempting to tap sensitive intel agency systems this way. Talking to a C&C server is suicide from within their network. How long do you think it would take them to detect a reach out to the Internet from inside? How are you going to get the data from the outside back into their network? You still have to defeat their firewalls to do it. If this was targeted to a specialized video processing server then would it not be unusual for them to be talking to some random IP address on the Internet?

Steven Naslund
Chicago IL
Just theory - tapping on the same lines as the SPI flash (let's assume it is not QSPI), so we are "in parallel", as a "snooper" chip. First - it can easily snoop by listening to MISO/MOSI/CS/CLK. When the required data pattern and block are detected during snooping, it can remember the offset(s) of the required data. When, later, the BMC sends a request for this "offset" over MOSI, we override the BMC and force CS high (inactive), so the main flash chip will not answer, and we answer instead of it with our own, different data from the "snooper". Voila... instead of root:password we get root:nihao