• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Chinese Government Allegedly Used Supermicro Motherboards to Spy on US Enterprises

Joined
Apr 30, 2012
Messages
3,881 (0.84/day)
Ouch..

I can only imagine how innovative they got if this was just 1st and 2nd gen stuff.

the malicious chips were thin enough that they’d been embedded between the layers of fiberglass onto which the other components were attached
 
Joined
Sep 7, 2017
Messages
3,244 (1.22/day)
System Name Grunt
Processor Ryzen 5800x
Motherboard Gigabyte x570 Gaming X
Cooling Noctua NH-U12A
Memory Corsair LPX 3600 4x8GB
Video Card(s) Gigabyte 6800 XT (reference)
Storage Samsung 980 Pro 2TB
Display(s) Samsung CFG70, Samsung NU8000 TV
Case Corsair C70
Power Supply Corsair HX750
Software Win 10 Pro
I'm calling BS somewhere in that bloomberg article.

Probable that some of it is true, but the part of it claiming that a chip the size of a SMD has a full CPU and network stack, capable of modifying modern 32-bit OS cores? Lol, no. It's piggybacking off something else, probably the IPMI. It makes me wonder how much else is lost in translation..

I'm a bit more ignorant than you....I wasn't sure what to think. Thanks for the heads up.

Just wrote SM asking about their consumer boards. I doubt it's tampered with, but gave them some friendly advice anyhow. Tried not to be a jerk (just so they'll listen and not close my email immediately).
 
Joined
Aug 20, 2007
Messages
21,541 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Ouch..

I can only imagine how innovative they got if this was just 1st and 2nd gen stuff.

See? Stuff like that makes me doubt this was even real, because if it really was that small, there would be pretty much no way to reverse engineer it at the level of complexity they are talking. And how the heck did they even ID them in the first place if they are literally inside the hardware?

Either China has made 20 years of tech advances past us and has not told anyone, or something is being lost in translation. Or it's outright fake.

I want to see a guide on how to find these chips... I'm growing more skeptical by the minute.
 
Joined
Sep 7, 2017
Messages
3,244 (1.22/day)
System Name Grunt
Processor Ryzen 5800x
Motherboard Gigabyte x570 Gaming X
Cooling Noctua NH-U12A
Memory Corsair LPX 3600 4x8GB
Video Card(s) Gigabyte 6800 XT (reference)
Storage Samsung 980 Pro 2TB
Display(s) Samsung CFG70, Samsung NU8000 TV
Case Corsair C70
Power Supply Corsair HX750
Software Win 10 Pro
Part of the reason I liked SM was so many of it's employees (and some components... say.. like TI) were based in the US. Oh, the irony.

See? Stuff like that makes me doubt this was even real, because if it really was that small, there would be pretty much no way to reverse engineer it at the level of complexity they are talking. And how the heck did they even ID them in the first place if they are literally inside the hardware?

Either China has made 20 years of tech advances past us and has not told anyone, or something is being lost in translation. Or it's outright fake.

I want to see a guide on how to find these chips... I'm growing more skeptical by the minute.

Well, it's real enough to plummet their stock. If it's fake, someone is playing some serious games on them.
 
Joined
Aug 20, 2007
Messages
21,541 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Part of the reason I liked SM was so many of it's employees (and some components... say.. like TI) were based in the US. Oh, the irony.
You know, far be it for me to praise the tariff plan, but if this is real, we need to get the frick away from China and I'd say forget about tariffs. Lets talk an electronics embargo...

The scarriest answer to me here is that this is 100% true, because if so, holy shit did we miss something. This is like the Oslo Report all over again...
 
Joined
Sep 7, 2017
Messages
3,244 (1.22/day)
System Name Grunt
Processor Ryzen 5800x
Motherboard Gigabyte x570 Gaming X
Cooling Noctua NH-U12A
Memory Corsair LPX 3600 4x8GB
Video Card(s) Gigabyte 6800 XT (reference)
Storage Samsung 980 Pro 2TB
Display(s) Samsung CFG70, Samsung NU8000 TV
Case Corsair C70
Power Supply Corsair HX750
Software Win 10 Pro
Joined
Aug 20, 2007
Messages
21,541 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Joined
Sep 7, 2017
Messages
3,244 (1.22/day)
System Name Grunt
Processor Ryzen 5800x
Motherboard Gigabyte x570 Gaming X
Cooling Noctua NH-U12A
Memory Corsair LPX 3600 4x8GB
Video Card(s) Gigabyte 6800 XT (reference)
Storage Samsung 980 Pro 2TB
Display(s) Samsung CFG70, Samsung NU8000 TV
Case Corsair C70
Power Supply Corsair HX750
Software Win 10 Pro
He's just doing what he's told I am sure lol.

Unfortunately true. That said, I believe the founder (especially) and majority of employees are OK.. but they still could have been duped.
 
Joined
Aug 20, 2007
Messages
21,541 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Unfortunately true. That said, I believe the founder (especially) and majority of employees are OK.. but they still could have been duped.

Sounds like a few PRC officers came in at point of assembly and told them "install this, it's just a resistor" or something such and they knew better than to question it. Or report it.

That's assuming I understand it 100%. Still a ton of questions.
 
Joined
Apr 30, 2012
Messages
3,881 (0.84/day)
See? Stuff like that makes me doubt this was even real, because if it really was that small, there would be pretty much no way to reverse engineer it at the level of complexity they are talking. And how the heck did they even ID them in the first place if they are literally inside the hardware?

Either China has made 20 years of tech advances past us and has not told anyone, or something is being lost in translation. Or it's outright fake.

I want to see a guide on how to find these chips... I'm growing more skeptical by the minute.

Thats alot of sources that feed them false info if its false. Outlets are citing Bloomberg had 17 separate sources on this, inside the companies and in government.

Looks like some reports are pointing the finger at Sub-contractors.

Lawsuits are coming

Super Micro (SMCI) Investigated by Block & Leviton LLP For Violations of Federal Securities Laws

Recover Losses: Ademi & O'Reilly, LLP Investigates Possible Securities Fraud of Super Micro Computer, Inc.

INVESTOR ALERT: Law Offices of Howard G. Smith Announces Investigation on Behalf of Super Micro Computer, Inc. Investors (SMCI)

Just a handful in the last two hours
 
Last edited:
Joined
Apr 21, 2010
Messages
5,731 (1.07/day)
Location
West Midlands. UK.
System Name Ryzen Reynolds
Processor Ryzen 1600 - 4.0Ghz 1.415v - SMT disabled
Motherboard mATX Asrock AB350m AM4
Cooling Raijintek Leto Pro
Memory Vulcan T-Force 16GB DDR4 3000 16.18.18 @3200Mhz 14.17.17
Video Card(s) Sapphire Nitro+ 4GB RX 580 - 1450/2000 BIOS mod 8-)
Storage Seagate B'cuda 1TB/Sandisk 128GB SSD
Display(s) Acer ED242QR 75hz Freesync
Case Corsair Carbide Series SPEC-01
Audio Device(s) Onboard
Power Supply Corsair VS 550w
Mouse Zalman ZM-M401R
Keyboard Razor Lycosa
Software Windows 10 x64
Benchmark Scores https://www.3dmark.com/spy/6220813
That was quick. The same guy who has walked me through some technical issues before wrote back. But he just redirected me to a press release refuting the Bloomberg article. lol

https://www.supermicro.com/newsroom/pressreleases/2018/press181004_Bloomberg.cfm
So after hours of this breaking news, fake or not, you send a support email/contact us email and their tech support guy who is definitely not on a need to know basis flat out denies it... I mean, if they are going to lie to the US gov't and major global powerhouse brands like amazon and apple, why in the hell did you think they would outright admit it to you? :laugh: Though you mention their stock dropping, could well be manipulation?

On topic, wouldn't surprise me if true as the Chinese government has a lot more control over their top tech companies than western countries do, though as a non-governmental employee and an average joe, do I care more about China having my data than the US, UK and every other western super power monitoring it's subjects straight out of Orwell's 1984? no, not really. As it has already been mentioned, our own governments are up to far more sinister things than this on their own people, god know's what kind of tactics they employ to a foreign adversary government if that's how we as "citizens" are monitored.
 
Joined
Aug 20, 2007
Messages
21,541 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Thats alot of sources that feed them false info if its false. Outlets are citing Bloomberg had 17 separate sources on this, inside the companies and in government.

Looks like some reports are pointing the finger at Sub-contractors.

Lawsuits are coming

Super Micro (SMCI) Investigated by Block & Leviton LLP For Violations of Federal Securities Laws

Recover Losses: Ademi & O'Reilly, LLP Investigates Possible Securities Fraud of Super Micro Computer, Inc.

INVESTOR ALERT: Law Offices of Howard G. Smith Announces Investigation on Behalf of Super Micro Computer, Inc. Investors (SMCI)

Just a handful in the last two hours

I know. And I don't say that lightly... but it breaks down my understanding of everything that is possible in computing. Which is why I assume bloomberg just failed in dumbing it down. As I said, the most likely scenario is it NOT running it's own processor as they claim, but piggybacking off the IPMI chip (which, convieniently has a netstack). Irrelevant to their audience maybe, but details like that drive me nuts, and make me wonder what else they missed.

If what they actually said is true it scares me to my core, because that should not be physically possible with present processes (let alone thermal issues). It would be like getting the Oslo report prior to WW2: Hard to believe. Doesn't make it false though.
 
Last edited:
Joined
Sep 7, 2017
Messages
3,244 (1.22/day)
System Name Grunt
Processor Ryzen 5800x
Motherboard Gigabyte x570 Gaming X
Cooling Noctua NH-U12A
Memory Corsair LPX 3600 4x8GB
Video Card(s) Gigabyte 6800 XT (reference)
Storage Samsung 980 Pro 2TB
Display(s) Samsung CFG70, Samsung NU8000 TV
Case Corsair C70
Power Supply Corsair HX750
Software Win 10 Pro
So after hours of this breaking news, fake or not, you send a support email/contact us email and their tech support guy who is definitely not on a need to know basis flat out denies it... I mean, if they are going to lie to the US gov't and major global powerhouse brands like amazon and apple, why in the hell did you think they would outright admit it to you? :laugh: Though you mention their stock dropping, could well be manipulation?

On topic, wouldn't surprise me if true as the Chinese government has a lot more control over their top tech companies than western countries do, though as a non-governmental employee and an average joe, do I care more about China having my data than the US, UK and every other western super power monitoring it's subjects straight out of Orwell's 1984? no, not really. As it has already been mentioned, our own governments are up to far more sinister things than this on their own people, god know's what kind of tactics they employ to a foreign adversary government if that's how we as "citizens" are monitored.

It was partly just to politely criticize.. but I spoke to the guy before, so I was hoping he had some insight. Worth a chance at least, but I'm not surprised.

It's true about our government... although what if I said even our own agencies work against each other and try to block or infiltrate each other's systems?

I trust Army/military intelligence however. That's about it.
 

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
47,300 (7.53/day)
Location
Hyderabad, India
System Name RBMK-1000
Processor AMD Ryzen 7 5700G
Motherboard ASUS ROG Strix B450-E Gaming
Cooling DeepCool Gammax L240 V2
Memory 2x 8GB G.Skill Sniper X
Video Card(s) Palit GeForce RTX 2080 SUPER GameRock
Storage Western Digital Black NVMe 512GB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) ASUS SupremeFX S1220A
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Gamdias Hermes E2
Software Windows 11 Pro
Super Micro (SMCI) Investigated by Block & Leviton LLP For Violations of Federal Securities Laws

Recover Losses: Ademi & O'Reilly, LLP Investigates Possible Securities Fraud of Super Micro Computer, Inc.

INVESTOR ALERT: Law Offices of Howard G. Smith Announces Investigation on Behalf of Super Micro Computer, Inc. Investors (SMCI)

Just a handful in the last two hours

I'm sure when those lawyers launch discovery, they'll find zilch. Big customers like AWS buy directly from hardware manufacturers, with no importer, distributor or retailer in the middle. It's entirely possible that someone at Supermicro's ODM in China, or a stateside Supermicro employee working for Chinese intelligence, was aware that a batch of motherboards is headed to AWS and only that batch should have embedded spyware. The only way a law firm can get its hands on a compromised board is if AWS or Apple hands them one (which they won't, because as others said, they'd be burned at the stake for using compromised hardware). If pushed, they'll just give them uncompromised boards.
 
Joined
Sep 15, 2007
Messages
3,946 (0.63/day)
Location
Police/Nanny State of America
Processor OCed 5800X3D
Motherboard Asucks C6H
Cooling Air
Memory 32GB
Video Card(s) OCed 6800XT
Storage NVMees
Display(s) 32" Dull curved 1440
Case Freebie glass idk
Audio Device(s) Sennheiser
Power Supply Don't even remember
Meanwhile I am pretty sure NSA has been spying on everyone using the now known CPU exploits. Pot calling kettle black.

NSA is/was intercepting cisco routers in transit and flashing them with backdoors. There’s no need to bother with those exploits. They’ll just physically get a hold of it and install their own.
 
Joined
Mar 10, 2010
Messages
11,878 (2.20/day)
Location
Manchester uk
System Name RyzenGtEvo/ Asus strix scar II
Processor Amd R5 5900X/ Intel 8750H
Motherboard Crosshair hero8 impact/Asus
Cooling 360EK extreme rad+ 360$EK slim all push, cpu ek suprim Gpu full cover all EK
Memory Corsair Vengeance Rgb pro 3600cas14 16Gb in four sticks./16Gb/16GB
Video Card(s) Powercolour RX7900XT Reference/Rtx 2060
Storage Silicon power 2TB nvme/8Tb external/1Tb samsung Evo nvme 2Tb sata ssd/1Tb nvme
Display(s) Samsung UAE28"850R 4k freesync.dell shiter
Case Lianli 011 dynamic/strix scar2
Audio Device(s) Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply corsair 1200Hxi/Asus stock
Mouse Roccat Kova/ Logitech G wireless
Keyboard Roccat Aimo 120
VR HMD Oculus rift
Software Win 10 Pro
Benchmark Scores 8726 vega 3dmark timespy/ laptop Timespy 6506
I'm calling BS somewhere in that bloomberg article... big time. Some of the things they are claiming just aren't feasible (unless China has a secret 2nm node or something)...

Probable that some of it is true, but the part of it claiming that a chip the size of a SMD has a full CPU and network stack, capable of modifying modern 32-bit OS cores? Lol, no. It's piggybacking off something else, probably the IPMI. It makes me wonder how much else is lost in translation..
these things are( based )(right im going bed) best weighed through reasonable eyes, there is possibly some truth to some of it but its likely the chinese whispered version were now getting.:p:D
 
Joined
Aug 20, 2007
Messages
21,541 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
NSA is/was intercepting cisco routers in transit and flashing them with backdoors. There’s no need to bother with those exploits. They’ll just physically get a hold of it and install their own.

They make the hardware, we make the software. Different tools, same goal.
 
Joined
Sep 7, 2017
Messages
3,244 (1.22/day)
System Name Grunt
Processor Ryzen 5800x
Motherboard Gigabyte x570 Gaming X
Cooling Noctua NH-U12A
Memory Corsair LPX 3600 4x8GB
Video Card(s) Gigabyte 6800 XT (reference)
Storage Samsung 980 Pro 2TB
Display(s) Samsung CFG70, Samsung NU8000 TV
Case Corsair C70
Power Supply Corsair HX750
Software Win 10 Pro
FYI: Not to downplay the NSA, but they're analysts and eggheads. They get too much attention. The ones you should really worry about are the CIA.. making use of NSA data and directing the same crap at Home that they've long been doing elsewhere (then again, they've been doing that anyways. Some well known stuff now is Operation Mockingbird.. where the CIA has planted itself inside and directed the media. They said they stopped. Heh).
 
Joined
Sep 15, 2007
Messages
3,946 (0.63/day)
Location
Police/Nanny State of America
Processor OCed 5800X3D
Motherboard Asucks C6H
Cooling Air
Memory 32GB
Video Card(s) OCed 6800XT
Storage NVMees
Display(s) 32" Dull curved 1440
Case Freebie glass idk
Audio Device(s) Sennheiser
Power Supply Don't even remember
FYI: Not to downplay the NSA, but they're analysts and eggheads. They get too much attention. The ones you should really worry about are the CIA.. making use of NSA data and directing the same crap at Home that they've long been doing elsewhere (then again, they've been doing that anyways. Some well known stuff now is Operation Mockingbird.. where the CIA has planted itself inside and directed the media. They said they stopped. Heh).
CIA is the largest terrorist organization in the world (scope and power). They directly arm ISIS and whatever flavor of the day, overthrow govts, transport/sell drugs, and on and on.

So, yep. FBI is criminal enough, but CIA is insane.
 
Joined
Aug 20, 2007
Messages
21,541 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
I'm not sure I buy into that level of criminal conspiracy. But then again, I don't really know what to think anymore. I just know I like my findings with a side of supporting evidence, which often times is lacking once you go down the rabbit hole.
 

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
47,300 (7.53/day)
Location
Hyderabad, India
System Name RBMK-1000
Processor AMD Ryzen 7 5700G
Motherboard ASUS ROG Strix B450-E Gaming
Cooling DeepCool Gammax L240 V2
Memory 2x 8GB G.Skill Sniper X
Video Card(s) Palit GeForce RTX 2080 SUPER GameRock
Storage Western Digital Black NVMe 512GB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) ASUS SupremeFX S1220A
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Gamdias Hermes E2
Software Windows 11 Pro
Probable that some of it is true, but the part of it claiming that a chip the size of a SMD has a full CPU and network stack, capable of modifying modern 32-bit OS cores? Lol, no. It's piggybacking off something else, probably the IPMI.

That chip is small enough to be a 7-pin SPI flash fabbed on a sub-30nm node with just enough space for 32 MB (looking at 20 nm-class planar flash densities). Your smartphone's EFI ROM is probably stored on a chip that size. The IPMI chip probably reads that flash first and in its absence, reads the bigger more visible flash chip located near the chip. I agree, the best guess is a compromised IPMI chip that's reading custom firmware off a very tiny SPI chip.
 
Joined
Apr 12, 2013
Messages
7,563 (1.77/day)
I'm sure when those lawyers launch discovery, they'll find zilch. Big customers like AWS buy directly from hardware manufacturers, with no importer, distributor or retailer in the middle. It's entirely possible that someone at Supermicro's ODM in China, or a stateside Supermicro employee working for Chinese intelligence, was aware that a batch of motherboards is headed to AWS and only that batch should have embedded spyware. The only way a law firm can get its hands on a compromised board is if AWS or Apple hands them one (which they won't, because as others said, they'd be burned at the stake for using compromised hardware). If pushed, they'll just give them uncompromised boards.
Which makes it even more alarming, I wonder if Google/FB or MS are also in the line of fire.
 

TheLostSwede

News Editor
Joined
Nov 11, 2004
Messages
17,772 (2.42/day)
Location
Sweden
System Name Overlord Mk MLI
Processor AMD Ryzen 7 7800X3D
Motherboard Gigabyte X670E Aorus Master
Cooling Noctua NH-D15 SE with offsets
Memory 32GB Team T-Create Expert DDR5 6000 MHz @ CL30-34-34-68
Video Card(s) Gainward GeForce RTX 4080 Phantom GS
Storage 1TB Solidigm P44 Pro, 2 TB Corsair MP600 Pro, 2TB Kingston KC3000
Display(s) Acer XV272K LVbmiipruzx 4K@160Hz
Case Fractal Design Torrent Compact
Audio Device(s) Corsair Virtuoso SE
Power Supply be quiet! Pure Power 12 M 850 W
Mouse Logitech G502 Lightspeed
Keyboard Corsair K70 Max
Software Windows 10 Pro
Benchmark Scores https://valid.x86.fr/yfsd9w
Just a comment in terms of the size of the chip, it's clearly not impossible, considering things like this has been developed https://news.umich.edu/u-m-researchers-create-worlds-smallest-computer/
That's a full-on Cortex-M0+ with additional components at 0.3mm...
Obviously this is cutting edge research stuff, but that's much smaller than the part claimed to be used here.
 
Joined
Sep 17, 2014
Messages
22,673 (6.05/day)
Location
The Washing Machine
System Name Tiny the White Yeti
Processor 7800X3D
Motherboard MSI MAG Mortar b650m wifi
Cooling CPU: Thermalright Peerless Assassin / Case: Phanteks T30-120 x3
Memory 32GB Corsair Vengeance 30CL6000
Video Card(s) ASRock RX7900XT Phantom Gaming
Storage Lexar NM790 4TB + Samsung 850 EVO 1TB + Samsung 980 1TB + Crucial BX100 250GB
Display(s) Gigabyte G34QWC (3440x1440)
Case Lian Li A3 mATX White
Audio Device(s) Harman Kardon AVR137 + 2.1
Power Supply EVGA Supernova G2 750W
Mouse Steelseries Aerox 5
Keyboard Lenovo Thinkpad Trackpoint II
VR HMD HD 420 - Green Edition ;)
Software W11 IoT Enterprise LTSC
Benchmark Scores Over 9000
A likely response, don't you think?

Likely doesn't mean untrue.

Its always nice to see 'who benefits the most' in these kinds of things.

And the US benefits the most from this. Its no coincidence this information gets out at the moment it does, there is a flood of anti-China sentiment in all media the past few months. Boy I wonder why.

It would be wise to question everything at this point - from every angle - and take it with a bucketload of salt.
 
Joined
Aug 20, 2007
Messages
21,541 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Just a comment in terms of the size of the chip, it's clearly not impossible, considering things like this has been developed https://news.umich.edu/u-m-researchers-create-worlds-smallest-computer/
That's a full-on Cortex-M0+ with additional components at 0.3mm...
Obviously this is cutting edge research stuff, but that's much smaller than the part claimed to be used here.

I’m speaking in terms of the fabs China has quiet, likely native access to. Of what is known, this greatly limits them.

That chip is small enough to be a 7-pin SPI flash fabbed on a sub-30nm node with just enough space for 32 MB (looking at 20 nm-class planar flash densities). Your smartphone's EFI ROM is probably stored on a chip that size. The IPMI chip probably reads that flash first and in its absence, reads the bigger more visible flash chip located near the chip. I agree, the best guess is a compromised IPMI chip that's reading custom firmware off a very tiny SPI chip.

That’s plausible, but not what was reported.
 
Top