Bloomberg has reported that operatives from the People’s Liberation Army of China infiltrated the global technology supply chain, and implanted extremely small chips onto motherboards manufactured in China by Super Micro Computer, Inc. (Supermicro).
The reason for China’s interest in Supermicro was due to its use in critical server infrastructure developed by a company called Elemental Technologies, which was acquired by Amazon in 2015.
Elemental developed technology that converts video files for display on various sizes of screen. In addition to being used to stream the Olympics online and communicate with the International Space Station, Elemental had also secured several government contracts.
Its servers were situated in the data centres of the Department of Defence, in the on-board networks of US Navy warships, and they were used to stream drone footage back to the CIA.
According to the report, the Chinese army developed an incredibly small chip — as small as the tip of a sharpened pencil — which is able to rewrite data that ultimately gets executed by a server’s CPU.
The report stated that one possible use could be that when an attacker remotely logs into a server, instead of prompting them for a password, the chip overwrites that instruction and simply lets them log in without one.
As The Register notes: “That it can intercept and rewrite data on the fly from SPI flash or a serial EEPROM is not impossible. However, it has to contain enough data to replace the fetched BMC firmware code, that then alters the running operating system or otherwise implements a viable backdoor.”
The Register concluded that Bloomberg’s depiction of how small the chip is must either be incorrect, or the Chinese army had a state-of-the-art custom semiconductor fabricated for this elaborate attack on the world’s technology supply chain.
Apple and Amazon were also reported to have been affected by the secret chips, with certain systems compromised, but they denied the claims.
“As we shared with Bloomberg BusinessWeek multiple times over the last couple months, at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Additionally, we have not engaged in an investigation with the government,” said an AWS spokesperson.