UK's Cyber Security Agency Supports Apple's Denial That Chinese Spies Infiltrated iCloud Servers

[Quu]

Just based on the size and pin out of the chip the story told by Bloomberg is impossible. That chip does not have the needed pin outs to intercept anything between the central processor and the system memory.

If their pictures are to be believed (and I doubt it but lets just assume they are) then the chip is next to the BMC on the motherboard which is used for remote administration. Think AST2500 for example. In which case it could talk to the BMC through serial or another low bandwidth connection including USB etc

The article to me and I do work in this field it all seems like Bloomberg has incredibly bad sources. Based on the fact this hit Supermicro's stock for about 60-40% it feels like a hit piece to short the stock.

 

[NT1440]

"The press", as if only one paper would exist.. You know how to differentiate, do you?
We (fortunately) don't live in "Trump world" (I guess that's what you're referring to) where everyone is lying except him. It's rather the opposite.

Maybe Bloomberg got fooled by some guy who wanted his 5 minutes of fame, who knows.. but don't generalize so much.

... they explicitly stated they worked on this story for over a year.

If a journalistic enterprise can’t, I don’t know, talk to someone who understands that this magic chip would need capabilities and physical traces that would interfere with timing functions if not explicitly designed into the system... then I don’t know what to tell you.

This reeks of “hur hur I can computer” technically illiterate ********.

 

[cmaier]

If this thing existed they would have the chip, they’d have had it delaminated, and could describe precisely how it performs its magical functions.

I designed cpus for exponential, sun, and AMD, and I couldn’t have snuck this stuff into the cpu itself without it being noticed, and even then it probably couldn’t do everything this supposed chip supposedly did.

 

[fathergll]

First Bloomberg stated that Conor McGregor's new whisky was terrible and now this!

 

[NT1440]

If this thing existed they would have the chip, they’d have had it delaminated, and could describe precisely how it performs its magical functions.

I designed cpus for exponential, sun, and AMD, and I couldn’t have snuck this stuff into the cpu itself without it being noticed, and even then it probably couldn’t do everything this supposed chip supposedly did.

Not only does this story not make sense on the physical front, but on the networking side does anyone really believe one of the biggest network operators on the planet (Amazon) wouldn’t notice their servers randomly sending data in a different protocol than what their SOP calls for? Really? EVERYTHING going in and out of these data centers is logged.

 

[DNichter]

Yup, don't buy it at all. From everything I've read, it's all hearsay.

 

[DVD9]

China sucks.

They sure do generate massive profits for treasonous transnational corporations.

As for the Brits intelligence, did they release a nerve agent on their own people, make the whole thing up, or are they really that incompetent that they can't figure anything out and present evidence?

 

[velocityg4]

Good that the Brits have some honesty on this issue. Otherwise as someone posted on Quora, if the Chinese had such capability in miniaturising such feature in a chip of the size suggested, then China truly has America beat on the technology front. In the meantime there's been a mad rush on Taobao at RMB0.70 ie. US$0.15 each.

Not really. The chip itself would be pretty easy to make. It wouldn't have to be particularly sophisticated if it has such low level access as the BIOS/UEFI.

The level of conspiracy required on all fronts and multiple independent entities is hard to believe. The Chinese government could not just plug these chips in. They'd have had to collude with the motherboard manufacturer to ingrain them in the system. You wouldn't just sneak it past the motherboard maker as the board would be altered. Once found you'd also have all these companies and all employees with knowledge agree to deny anything took place and government agencies would have to do so as well.

 

[tdar]

So many other posters have commented about the hardware reasons that people with server\ hardware design experience do not believe this reporting. They have shown that they have much more knowledge about computing than the reporters and editors at Bloomberg, not that it seems that's very hard to achieve. But no one seems to have taken a crack at the software side of this. If you take a look at that chart posted at the top of this thread, they talk about how this "magic" chip "alters the operating system" of the server. Not at all likely.

First how would they know in advance which OS the eventual customer would be running. Remember Super Micro systems are very widely used in their own servers and as the motherboards of many others. Some (likely most) run some version of Windows. But many run other OS's. Guess who would most likely NOT be running Windows? Amazon and Apple.

Secondly, just about every Server OS nowadays has specific protections against this type of attack, that prevent the OS components from being changed. So that part just does not make sense.

Thirdly- Again I note how widely SuperMicro systems are used. And they are used in environments where very skilled people are monitoring not only every thing that is running on that server, for both performance and security reasons. But they also look carefully-very carefully at the network traffic in both directions, with both on the server and with network based monitoring tools.

If this story was correct there would be so many different SuperMicro customers, all over the world that would have detected this almost immediately, that we would have all known about it well before it ever made news in a business publication like Bloomberg.

 

[Lerxt]

Surely  would see the writing on the wall when it comes to China. If they haven't got a program to slowly divest themselves of relying on China they are crazy.

 

[WatchFromAfar]

Yup, don't buy it at all. From everything I've read, it's all hearsay.

Apart from the bit about "The United Kingdom's National Cyber Security Centre"

 

[dguisinger]

Good god the internet is full of people who think they are experts at things they've never done, I don't know why I bother reading comments.

As someone who has actually designed circuit boards and had them built, there are multiple ways this could have been done. I've had PCB manufacturing partners tweak the gerber files output from my cad files, its standard operating procedure as they prepare the design for their manufacturing equipment and it sometimes needs tweaks to ensure it etches correctly or that pads are properly sized based on their assembly experience vs what the default sizes in the part library were.

Regarding people spouting nonsense about it not having enough pins to intercept the CPU bus, no one freaking claimed it did. The supposid hack injected custom code into the remote management controller over its serial flashrom bus, which only requires 3 or 4 pins.

Did it happen? I don't know. The most difficult part of this was secretly inserting the chip into the production line and getting someone to modify the gerber files, but, seeing the Chinese government has strong control over all their companies, I don't see that as a huge problem either.

 

[DNichter]

Apart from the bit about "The United Kingdom's National Cyber Security Centre"

What are you getting from that? There is proof on that site that shows China infiltrated Apple's iCloud servers?

 

[M5RahuL]

China sucks.

Watch for your comment to be deleted and barked on by the Mods.. That's what happened when I said the same recently.

As a Cyber Security Analyst. the stuff I see at work, nearly makes fiction real.. and most people would just laugh it off..

I don't even bother partaking in these discussions anymore because I've come to realize the general populous loves being oblivious and in denial.

...Done.

 

[omihek]

"The press", as if only one paper would exist.. You know how to differentiate, do you?
We (fortunately) don't live in "Trump world" (I guess that's what you're referring to) where everyone is lying except him. It's rather the opposite.

Maybe Bloomberg got fooled by some guy who wanted his 5 minutes of fame, who knows.. but don't generalize so much.

No, I think their generalization is pretty much accurate.

 

[Abazigal]

Your move, Bloomberg.

Either Bloomberg got facts wrong, or Apple and Amazon are blatantly lying in a way that will shatter their credibility.

I have no way of knowing which of those is the truth. I just know that Apple has not lied in this way before, while Bloomberg has been guilty of sloppy reporting more times than I can count when it comes to Apple.

So while I’m willing to be proven wrong, my assumption is that Bloomberg allowed their anti-Apple bias to lead them into wrong reporting (again).

 

[stylinexpat]

China sucks.

Some things really do suck and some things are really good. Apple delivers great products and many of those great products come from China. Many of those products were also put together by great Chinese people.

China is one of those 50/50 places to me where horrible is quite horrible and great is quite great.

 

[Solomani]

Good that the Brits have some honesty on this issue. Otherwise as someone posted on Quora, if the Chinese had such capability in miniaturising such feature in a chip of the size suggested, then China truly has America beat on the technology front. In the meantime there's been a mad rush on Taobao at RMB0.70 ie. US$0.15 each.

I wish to insert one of these inside my cat.

 

[SmileyBlast!]

We run a server. Incredible amount of hack attempts logged. Mostly always from China. Probably the biggest cyber threat in the world.

I'm still trying to figure how I can block any IP from China pre-emptively.

Remember these guys:
http://map.norsecorp.com/#/

 

[Solomani]

Your move, Bloomberg.

Either Bloomberg got facts wrong, or Apple and Amazon are blatantly lying in a way that will shatter their credibility.

I have no way of knowing which of those is the truth. I just know that Apple has not lied in this way before, while Bloomberg has been guilty of sloppy reporting more times than I can count when it comes to Apple.

So while I’m willing to be proven wrong, my assumption is that Bloomberg allowed their anti-Apple bias to lead them into wrong reporting (again).

So far, the scrutiny has been on Apple and Amazon to prove they have not been compromised. Now, it's time that a harsh scrutiny falls on that Bloomberg writer(s) who wrote the article. Who are these writers? Did they use credible sources? And these writers…. what are their backgrounds? Who knows, they could turn out to be Russian Agents With An Agenda.

 

[notabadname]

Let's not mess about. Apple wants to be China. That means storing iCloud data in China. Turns out China doesn't give a crap about Apple.

Yeah, they couldn’t possibly be denying the article because it is simply wrong.

“You’re a witch, and the very fact that you deny you’re a witch proves it! - Burn her!”

 

[stylinexpat]

Your move, Bloomberg.

Either Bloomberg got facts wrong, or Apple and Amazon are blatantly lying in a way that will shatter their credibility.

I have no way of knowing which of those is the truth. I just know that Apple has not lied in this way before, while Bloomberg has been guilty of sloppy reporting more times than I can count when it comes to Apple.

So while I’m willing to be proven wrong, my assumption is that Bloomberg allowed their anti-Apple bias to lead them into wrong reporting (again).

Amazon and Apple do billions of dollars in business out of China. A false accusation against a communist government or even admitting something bad about China would jeopardize their business in China. For Apple and Amazon China is one of their biggest supply source and for Apple it is also one of the largest customer base too. If the CEO of Apple or Amazon shot their mouth off like Trump their business in China would come close to a complete halt. Their stocks in America would crash leading US indexes to crash as well

 

[Abazigal]

So far, the scrutiny has been on Apple and Amazon to prove they have not been compromised. Now, it's time that a harsh scrutiny falls on that Bloomberg writer(s) who wrote the article. Who are these writers? Did they use credible sources? And these writers…. what are their backgrounds? Who knows, they could turn out to be Russian Agents With An Agenda.

The conspiracy theorist in me suggests that this story could be a plant to justify the US government pushing through another round of tariffs on China products, with the end goal being to force supply chains out of China (and maybe back to the US).

Too far-fetched, I know.

 

[Solomani]

First Bloomberg stated that Conor McGregor's new whisky was terrible and now this!

Stop your FUD! Connor's Whiskey is the best!

 

[Kaibelf]

And just like clockwork today we get a report from the White House about how China is threatening national security because of their electronics manufacturing, we are all at risk, blah blah blah. Just call it and admit that this whole Bloomberg story was crap to drum up tariff support.