[markmall]

Hmmm...

https://www.bloomberg.com/news/featu...-top-companies

[Bla1ze]

Hmmm...

https://www.imore.com/did-china-hard...ple-and-amazon

[bobshine]

This entire thing feels like a science fiction story. Is it even possible that a chip planted on a motherboard not designed to receive that chip would be able to do that???

[gravesend60]

This entire thing feels like a science fiction story. Is it even possible that a chip planted on a motherboard not designed to receive that chip would be able to do that???

China is not our friend.

[bobshine]

China is not our friend.

They aren’t m. But it’s soooo, sooo much easier to spy using software and malware. Building in hardware to spy on a design that wasn’t meant to receive an extra chip... do you realize how difficult that is? It’s like putting square tires on a car.

[conite]

They aren’t m. But it’s soooo, sooo much easier to spy using software and malware. Building in hardware to spy on a design that wasn’t meant to receive an extra chip... do you realize how difficult that is? It’s like putting square tires on a car.

Agreed. There are infinitely easier ways to spy than this ridiculous scenario.

[jfalkingham]

Definitely harder to implement than software but has a much longer shelf life if it indeed made it through the entire supply chain. Cameras and mics bring the greatest threat.

[stlabrat]

still waiting for the details. with Blu embedded gps location "test" chip issue early last year, I am not surprised. insert extra chip is not as difficult as many imagined - if you only send schematic to sub-contract and let them do the layout and generate Gerber files for the board, and you demand final product to be fully tested with boundry scan only, but not check / sign off on detail layout (performance only), I can see it rather easy to add a "test point" chip...- if that chip has enhanced functionality, you might have problem - e.g. security. As I said before, I am still waiting to see the details. IMHO.

[gravesend60]

Agreed. There are infinitely easier ways to spy than this ridiculous scenario.

You think it's rediculous but I bet not to China.
They will spend billions to get the upper hand on the U.S. and the west.

[markmall]

You think it's rediculous but I bet not to China.
They will spend billions to get the upper hand on the U.S. and the west.

Agree. The worst mistake the West ever made was opening up China in the early-1970s. Then we started treating them like a friendly trading partner and ignoring all the abuses.

Now they are taking their cash and buying up the West Coast of the U.S. and Canada. Think that new Chinese residents in North America don't have loyalty to their homeland and would not steal secrets and IP?

[markmall]

still waiting for the details. with Blu embedded gps location "test" chip issue early last year, I am not surprised. insert extra chip is not as difficult as many imagined - if you only send schematic to sub-contract and let them do the layout and generate Gerber files for the board, and you demand final product to be fully tested with boundry scan only, but not check / sign off on detail layout (performance only), I can see it rather easy to add a "test point" chip...- if that chip has enhanced functionality, you might have problem - e.g. security. As I said before, I am still waiting to see the details. IMHO.

Thank you. If it were so absurd then they wouldn't have done it.

[conite]

You think it's rediculous but I bet not to China.
They will spend billions to get the upper hand on the U.S. and the west.

The very notion that you could just deposit a tiny chip, with a few snipets of code, into a device that can talk to everything through encryption and then relay all the information back to the mothership is absurd imo.

"Whether a chip, as described, can do what's being described and whether or not the group being described could produce such a chip are among the debate topics."

"About the only thing everyone agrees on is that there's no evidence any customer data — any of our data — has been compromised."

[Ment]

CIA/NSA did similar things at a hard drive plant in SE asia corrupted their firmware such that formatting the drive wouldn't get rid of the malware.

[anon(10268214)]

"About the only thing everyone agrees on is that there's no evidence any customer data — any of our data — has been compromised."

No evidence, Lol. And who hacked China's secret service to confirm that one?

[Chuck Finley69]

Agree. The worst mistake the West ever made was opening up China in the early-1970s. Then we started treating them like a friendly trading partner and ignoring all the abuses.

Now they are taking their cash and buying up the West Coast of the U.S. and Canada. Think that new Chinese residents in North America don't have loyalty to their homeland and would not steal secrets and IP?

While I agree with your post, I’m curious if this isn’t some kind of “fake” news that could be planted for other reasons. Not saying that it’s possible or impossible but that social media allows for a level of planting false or exaggerated information for the purpose of misdirection. All larger developed countries are using social media for multiple agendas not always fully apparent.

[gravesend60]

The very notion that you could just deposit a tiny chip, with a few snipets of code, into a device that can talk to everything through encryption and then relay all the information back to the mothership is absurd imo.

"Whether a chip, as described, can do what's being described and whether or not the group being described could produce such a chip are among the debate topics."

"About the only thing everyone agrees on is that there's no evidence any customer data — any of our data — has been compromised."

If you say so.
Time will tell.

[markmall]

While I agree with your post, I’m curious if this isn’t some kind of “fake” news that could be planted for other reasons. Not saying that it’s possible or impossible but that social media allows for a level of planting false or exaggerated information for the purpose of misdirection. All larger developed countries are using social media for multiple agendas not always fully apparent.

Bloomberg has a good reputation and there are a lot of details. Seems unlikely to be a plant by the CIA or someone but I guess it's possible.

Posted via CB10

[Chuck Finley69]

Bloomberg has a good reputation and there are a lot of details. Seems unlikely to be a plant by the CIA or someone but I guess it's possible.

Posted via CB10

Just an observation, I have no idea either way. On side note, I tagged you in another thread where somebody was looking for supertube

[bb10adopter111]

The very notion that you could just deposit a tiny chip, with a few snipets of code, into a device that can talk to everything through encryption and then relay all the information back to the mothership is absurd imo.

"Whether a chip, as described, can do what's being described and whether or not the group being described could produce such a chip are among the debate topics."

"About the only thing everyone agrees on is that there's no evidence any customer data — any of our data — has been compromised."

These companies are hiding behind that "no evidence" line. China has been employing advanced persistent threats like this for years, in routers, switches, phones, motherboards and anything else they can manage. The researchers who found this performing due diligence for AWS have an unimpeachable reputation and would have nothing to gain by lying about this.

Our company has a Chinese cyber expert whose response to this news was, "It's a major attack, but it's only the tip-of-the iceberg. Now consider every 'smart' device being produced in China and figure 5-10 percent of IoT devices are compromised in the factory.". One security researcher said we should just replace the word "smart" with the word "dangerous" when talking about technology in general!

The Chinese treat cyber espionage as a long game. They have large military and civilian units focused on exactly these kinds of advanced persistent threats.

If you ask me whether I believe the security researchers or the corporate suits covering their asses headed into the fourth quarter for consumer sales, it's an easy decision whom to trust!

Posted with my trusty Z10

[bb10adopter111]

They aren’t m. But it’s soooo, sooo much easier to spy using software and malware. Building in hardware to spy on a design that wasn’t meant to receive an extra chip... do you realize how difficult that is? It’s like putting square tires on a car.

it's not that hard for PhD engineers, and it's the best kind of advanced persistent threats because no amount of patching or scanning will mitigate it. The only difficult thing is to 1) gain physical access to the factory and 2) devote the time and resources to take advantage of tens of thousands of servers in data centers. By focusing on the boards used to encode and decode video, the agents were guaranteed to gain access to almost all major data centers. This is exactly what stage intelligence agencies do.

Posted with my trusty Z10

[Bbnivende]

One might wonder why a Chinese company might licence BlackBerry under the mistaken impression that these phones were still popular amongst government and business users.

On the other hand, "BlackBerry effort to enable OEMs establishing a BlackBerry Secure hardware root of trust from their own assembly line. As part of the service, BlackBerry will provide a remote and secure workstation—connected to the BlackBerry Network Operations Center (NOC)—that will provision and assign secure tokens and certificates. This should provide a strong defense for rootkits, which are almost impossible to defend against."

Presumably, BlackBerry must be confident of their processes to allow a Chinese factory to interact with their servers. It is also interesting that the offending motherboards were tested in Ontario, Canada.

Actually, BlackBerry and its partners are depending heavily on the root of trust technology. If there is a breach , BlackBerry's world will collapse. Seems like a good time to buy a BlackBerry phone.

[Invictus0]

Actually, BlackBerry and its partners are depending heavily on the root of trust technology. If there is a breach , BlackBerry's world will collapse. Seems like a good time to buy a BlackBerry phone.

I assume that would depend on the component, there are RAM mods for the Priv that don't seem to trip the OS for example. The story also says that the chips were inserted during the manufacturing process, I'm not sure how easy it would be to flag something like that.

[stlabrat]

on the handset level, if it is OEM/CM (contract MFG) relationship,it is harder to insert chip unless it is by design (such as Blu case). the board is too dense to insert a chip without mess around design of intended RF response or singal integrity. Apple design is fully controlled inhouse (as labelled such - designed by apple in California)... so I wouldn't worry too much about their handsets level. Server is different story (that use super-micro mother board?). Old BB, similar to Apple, is fully in house control design, not farmed out. holding my z30 closer...

[Leyra B10]

The very notion that you could just deposit a tiny chip, with a few snipets of code, into a device that can talk to everything through encryption and then relay all the information back to the mothership is absurd imo.

"Whether a chip, as described, can do what's being described and whether or not the group being described could produce such a chip are among the debate topics."

"About the only thing everyone agrees on is that there's no evidence any customer data — any of our data — has been compromised."

I don't think thats absurd, sounds like an nfc transfer of a contact with a self executing directive in the image, haha farfetched maybe.

Posted via CB10

[bobshine]

it's not that hard for PhD engineers, and it's the best kind of advanced persistent threats because no amount of patching or scanning will mitigate it. The only difficult thing is to 1) gain physical access to the factory and 2) devote the time and resources to take advantage of tens of thousands of servers in data centers. By focusing on the boards used to encode and decode video, the agents were guaranteed to gain access to almost all major data centers. This is exactly what stage intelligence agencies do.

Posted with my trusty Z10

By why go through all that length? They can just use the username Admin and password 123456 and they will access pretty much everything in America.