Chinese spy chips would be a “god-mode” hack, experts say

Chinese operatives allegedly poisoned the technical supply chain of major US companies, including Apple and Amazon, by planting a microchip on their servers during manufacturing, according to a Bloomberg report today. According to the report, the chip gave the Chinese government a complete backdoor into these companies' networks.

Affected companies are vigorously disputing the report, claiming they never found any malicious hardware or reported similar issues to the FBI. Even taking the Bloomberg report at its word, there are significant unanswered questions about how widely the chip was distributed and how the backdoor access was used. The report sent shock waves through the security world, which has traditionally focused on software attacks. Nicholas Weaver, a professor at Berkeley's International Computer Science Institute, described an alarming attack. "My initial reaction was 'HOLY FUCKING SHIT' [sic]," Weaver told The Verge.

Security experts have warned for years that the hardware supply chain is at risk, especially considering that China has a monopoly on parts and manufacturing. We have not seen a widespread attack on US companies, as Bloomberg claims to have found. ... unless the tech industry wants to drastically rethink how it gets its components and brings products to the market.

Katie Moussouris, founder and CEO of Luta Security, says an attacker could use this kind of malicious implant to bypass all software protections, a doomsday scenario for defenders. "It's also possible to bypass the most sophisticated software security measures, even if it is difficult to detect," Moussouris told The Verge.

The result requires an entirely new kind of defense, replacing code audits and bug-hunting with checks for physical interference at the hardware level. Jake Williams, the founder of Rendition Infosec, says it will be an entirely new approach for security teams.

Like the attacks from jailbreaking, this kind of attack breaks the chain of trust between the hardware and the software instead of attacking the software itself. George Hotz, the legendary jailbreaker-turned-self-driving-entrepreneur, was skeptical of the Bloomberg story, but said a successful supply-chain attack would still be impossible to mitigate with conventional security tools. "If you cannot trust your hardware, you cannot trust anything," says Hotz.

It's hard to say how companies like Apple and Amazon could adapt to these new risks. On the hardware level, detecting strange behavior would be like trying to detect a heart murmur. There might be small anomalies every so often, but none would cause alarm. And researchers might not be looking for bugs, either. Even if they could get these parts from Supermicro, for example, they'd need enough money and enough supply to run tests. Once you crash or damage a piece of hardware, it's impossible to start over again, which makes conventional bug bounties hard to implement.

Instead, Moussouris says supply chain risks are a reality we have to accept. Companies have already made their compromise; in exchange for cheap parts, they take the supply chain risk.

"We've made choices for outsourcing a lot of components in order to get them to market and have a viable product," she says. "Making sure that we understand that we have made these tradeoffs."
