Re: [PLUG] The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. C

prushik on 4 Oct 2018 13:43:50 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

From: prushik@gmail.com
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: Re: [PLUG] The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
Date: Thu, 04 Oct 2018 16:34:22 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:user-agent:in-reply-to:references:mime-version :content-transfer-encoding:subject:to:from:message-id; bh=6iymw5E1ur/iVZpxZhPskwQma8e+t3pUZOnj+1IdCMw=; b=gqu05oGZiJLOj0EenmykvtB0DVpLhtwR4BYHO8zge1LcqyFhtyn0UCP4QfzZEtiwQG hx6rWT6grtjMQuj7xwEqcsMhRrE6rR8JRVCXM06Y6VlF7MOdIKvo63zZ5SEym3cRKjhR DbCkQh1n4I1CaEhqtEMZGxGDvn3Qrrc8T7PiIL+WO8iJNR0jwoaN2UpkQiU4UEggX8Kd zW/yyIBNVUvRK7Y35DTsLOVd2yJkMaDlW6VAg5qylY2w4p6iPkChewGxHDcq9cjBygau Fc4orGbFSLMF9O2McxqvUaDH+gNkQqvn8Uwc5ksfhbXeKOG5+n2GnbvdyeZkQto2yObD iPhQ==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: K-9 Mail for Android

The article says it has memory and some kind of processing power. No way that's possible on a chip that small. Memory takes up too much space. Even Intel's ME doesn't have it's own memory.
It would also be likely to be detected while communicating over the network, even if it's traffic was well encrypted, it would still look odd to anyone monitoring the network.

This kind of attack would be possible, especially for devices made in China, but a separate chip is not going to work, it would have to be modified silicon. That would make it very difficult to detect as long as it didn't start establishing outbound connections unprovoked.

On October 4, 2018 2:35:20 PM EDT, Tom Diehl <tdiehl@rogueind.com> wrote:

On Thu, 4 Oct 2018, Lee H. Marzke wrote:

The report says the chip talks to the baseband controller, which has privileged to do remote Bios / firmware patching.

And the of course there is this:

https://aws.amazon.com/blogs/security/setting-the-record-straight-on-bloomberg-businessweeks-erroneous-article/

So who do you believe?

Regards,

-- Philip

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
  - From: Ron Guilmet <ronpguilmet@gmail.com>
- Re: [PLUG] The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
  - From: "K.S. Bhaskar" <ksbhaskar@gmail.com>
- Re: [PLUG] The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
  - From: "Lee H. Marzke" <lee@marzke.net>
- Re: [PLUG] The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
  - From: Tom Diehl <tdiehl@rogueind.com>

Prev by Date: Re: [PLUG] The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
Next by Date: Re: [PLUG] The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
Previous by thread: Re: [PLUG] The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
Next by thread: Re: [PLUG] The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
Index(es):
- Date
- Thread