
Security researcher questions espionage against Apple; new evidence emerges

We are back to discuss the developments following Bloomberg Businessweek's claim that Apple, Amazon and others were spied on by the Chinese government. Have no idea what I'm talking about? Then check out the articles below (in chronological order):

Assuming that you are already properly aware of the subject, let's go to the new chapters.

Security researcher questions the story

Security researcher Joe Fitzpatrick, one of the few sources cited by name in Bloomberg's investigation, said this week on the Risky Business podcast that he felt uncomfortable after reading the magazine article. And he explained why.

Fitzpatrick spoke with Jordan Robertson (one of the journalists responsible for the Bloomberg story) last year, just before giving a presentation on hardware implants at the DEF CON hacking convention. The reasons behind the conversation were unclear to Fitzpatrick until the magazine was published last month.

That's because, in conversations with Robertson, the expert detailed how hardware implants work, specifically highlighting proof-of-concept devices that he demonstrated at Black Hat (another hacking convention) in 2016. And that is what he found odd. In conversation with podcast host Patrick Gray, Fitzpatrick said that, basically, everything he had described to Robertson was 100% confirmed by the magazine's sources. Not to mention that, for him, the story as told "makes no sense", since in his words there are easier and more economical methods of installing a backdoor in a computer network.

Spreading hardware fear, uncertainty and doubt is directly related to my financial gain, but that makes no sense as there are many easier ways to do this. There are so many easier hardware ways, there are software, there are firmware approaches. The approach you are describing is not scalable. It is not logical. Not like I would do that. Or how someone I know would do that.

In an email response, the journalist confirmed that the idea "sounded crazy" but said "many sources" corroborated the information. Fitzpatrick was unconvinced but, although skeptical, replied that “if they wanted to (create a) backdoor on every Super Micro motherboard, I think that's the approach that makes sense.” Basically, however, Fitzpatrick still felt that the approach chosen made little sense.

Alleged microchip used to spy on Apple

Hold on, the story gets more interesting. So far, Robertson had shown no physical proof that the microchip in question existed, saying that everything had been described to him by protected sources. And indeed, in September Robertson asked Fitzpatrick what a "signal amplifier or coupler" looks like, suggesting that this would be the Chinese government's approach to spying on servers. Fitzpatrick then sent Robertson a link to a very small signal coupler sold by Mouser Electronics. And that was the component shown by Bloomberg in the images that illustrate the magazine.

For Fitzpatrick, however, that kind of component would be an unlikely choice for espionage. He suggested, for example, the use of chips that mimic the SOIC-8 package. In addition, signal couplers of this size are not standard on server motherboards that do not include Wi-Fi or LTE (it is unknown whether or not Apple's servers have such capability).

Bloomberg, of course, maintained its position and made the following statement:

As a typical journalistic practice, we are looking for many people who are subject matter experts to help us understand and describe the technical aspects of the attack. The specific ways the implant worked have been described, confirmed and elaborated by our primary sources who have direct knowledge of compromised Super Micro hardware. Joe Fitzpatrick was not one of those 17 individual primary sources that included company officials and government officials, and his direct quote in the story describes a hypothetical example of how a hardware attack could unfold, as the story makes clear. Our reporters and editors carefully examined each story before publication, and this one was no exception.

Fitzpatrick, for his part, said he has the experience and knowledge to analyze the technical details of the subject and to see that everything is quite confused. “They are not totally wrong, but they are theoretical. I am not aware of the other conversations and the 17 other sources and what they said, but I can infer from the technical side of things that the non-technical side of things can be confused in the same way.”

New evidence

Bloomberg said yesterday that a major US telecommunications company discovered manipulated hardware from the same Super Micro on its network. All of it, however, was removed last August. For the outlet, this is new evidence of tampering with critical US technology components, according to a security expert.

Yossi Appleboum, the security expert in question, provided documents, analyses, and other evidence of the discovery after the publication of the original Bloomberg Businessweek story.

Yossi Appleboum

Appleboum is executive co-director of Sepio Systems (based in Gaithersburg, Maryland), which specializes in hardware security and was contracted to inspect large data centers of the telecom company cited by Bloomberg. After unusual communications from a Super Micro server were identified, a physical inspection revealed an implant embedded in the server's Ethernet connector.

But he said he had seen similar manipulations of computer hardware from different vendors, not just Super Micro products. "Super Micro is a victim – just like everyone else," he said. Appleboum said his concern is that there are numerous points in the supply chain in China where such manipulation can take place, and deducing exactly where it happens is virtually impossible. "That's the problem with the Chinese supply chain."

Super Micro gave the following statement to the outlet:

The safety of our customers and the integrity of our products are fundamental to our business and the values of our company. We take care to ensure the integrity of our products throughout the manufacturing process and supply chain security is an important topic of discussion for our industry. We are not yet aware of any unauthorized components and have not been informed by any customer that such components have been found. We were saddened to receive limited information from Bloomberg, no documentation and (only) noon to answer these new claims.

Bloomberg, however, said it contacted Super Micro at 9:23 am on Monday and gave the company 24 hours to respond. Super Micro shares plummeted 41% last week (the biggest drop since it went public in 2007); after Bloomberg's report, the shares were down 27% more.

Although the two espionage methods differ, the outlet reported that they share the same characteristics (giving invisible access to data on a computer network on which the server is installed).

Appleboum said one of the key signs of the implant is that the manipulated Ethernet connector has sides made of metal rather than the usual plastic. The metal is needed to diffuse the heat from the hidden chip inside, which works like a mini computer. “The module looks really innocent, high quality and 'original', but it was added as part of a supply chain attack.”

It is unclear whether the telecommunications company contacted the FBI about the discovery, and a spokesman for the agency declined to comment. An AT&T spokesman said "these devices are not part of our network and we have not been affected"; one from Verizon limited himself to saying that "we were not affected"; Sprint stated “we have no Super Micro equipment deployed in our network”; T-Mobile has not responded to the request for comment.

There is much more detail about the server tampering found at this telecom company in the Bloomberg article. If you are interested in the subject, be sure to read it.

Tim Cook in China

With all this happening, Tim Cook decided to show up in China this week. And given the timing of the visit, of course everyone is betting that Apple's CEO is in Shanghai because of this controversy.


Of course, the reason for the visit does not prevent the executive from sticking to a lighter, motivational and even marketing-oriented schedule, such as visiting Apple stores and a yoga studio where people use Apple Watch to monitor activities, using his own watch to pay for water transport (ferry) and complimenting the work of some photographers equipped with their iPhones XS Max, all on the social network Weibo, where Cook has an official account.

Behind the scenes, of course, it is very likely that the Apple CEO will meet with representatives of the government and of Apple's suppliers to try to understand this whole mess.

via AppleInsider: 1, 2, 3