Post by james harvey via arch-generalOn Fri, Oct 5, 2018 at 8:36 PM David C. Rankin
Post by David C. RankinWe can now add motherboard stealth chips to the list of security concerns
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
I don't know what to think on this, but FWIW, Amazon and Apple deny
this happened. Apple says a lot of the anonymous source background
information is just wrong. They think this might be confusion over a
single driver issue that happened. Apple also says it's not under an
agreement or government ban regarding discussing such an issue.
https://www.cnbc.com/2018/10/04/apple-response-to-china-spy-chip-claims.html
The Register also did a very good story on "Who's telling the truth?" which
leaves it as an open question. But with DOD involved, it makes interpreting
the companies public statements a bit more difficult as they could presumably
be given immunity for any SEC violation with careful wording to advance a
particular denial...
http://go.reg.cx/tdml/dfd67/5bdf87ff/0ca20a03/2Q0X
Regardless of the "He said, she said..." It's pretty clear what happened, and
the preponderance of the evidence isn't that Bloomberg got it wrong...
I'm just glad my two SuperMicro boards predate the time period in question,
but then there was:
FS#58542: [linux] kernels 4.16.6 through 4.16.8 - 140 second boot hang and
multiiple call traces in dmesg I filed on one of my SuperMicro boards
https://bugs.archlinux.org/task/58542 (closed as it disappeared by 4.18.11)
No doubt completely unrelated, but after reading the article, it does make you
wonder.
--
David C. Rankin, J.D.,P.E.