Bloomberg’s Chinese spy chip story yesterday has dominated tech news. All the companies involved – Apple, Amazon and Super Micro – have issued strong denials, so the big question is: who is telling the truth?
The piece was either a massive scoop about something of vital importance to everyone, or an embarrassing misunderstanding since debunked by the companies involved.
Deciding which applies isn’t entirely straightforward, but there are five reasons I come down on the side of believing Apple …
It’s difficult to assess the veracity of a claim when we don’t know the exact nature of it.
Bloomberg didn’t provide specific details as to precisely what the alleged Chinese spy chip actually did. It outlined the principle of how it says the spy chip worked, but without describing exactly how the feat was achieved.
In simplified terms, the implants on Supermicro hardware manipulated the core operating instructions that tell the server what to do as data move across a motherboard, two people familiar with the chips’ operation say. This happened at a crucial moment, as small bits of the operating system were being stored in the board’s temporary memory en route to the server’s central processor, the CPU. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. Deviously small changes could create disastrous effects.
What is described would be an amazing feat. Indeed, The Verge quoted Berkeley’s International Computer Science Institute professor Nicholas Weaver saying that it would amount to a ‘god mode’ exploit. It would be the holy grail of hacks.
#1: Bloomberg’s claim appears to be a ‘friend of a friend’ story
Given the dramatic nature of the claim, you’d expect Bloomberg to lay out exactly how it was achieved – but it doesn’t. One possibility is that the site wanted to keep the story accessible to a mixed audience by avoiding too deep a dive into the technicalities. But as this was a claim that was going to shake the tech world, it was obvious those who were capable of understanding the detail would want to do so.
That raises a second possibility: that Bloomberg can’t explain how the Chinese spy chip works because it – or its sources – don’t know. That would shift the story from a ‘here is what we know has been happening’ to ‘some people told us that something along these lines was happening.’ That’s a far weaker claim.
The Register’s Kieren McCarthy did an excellent deep dive into how the chip might have worked, if the claim were true.
The spy chip could have been placed electrically between the baseboard management controller (BMC) and its SPI flash or serial EEPROM storage containing the BMC’s firmware. Thus, when the BMC fetched and executed its code from this memory, the spy chip would intercept the signals and modify the bitstream to inject malicious code into the BMC processor, allowing its masters to control the BMC.
The BMC is a crucial component on a server motherboard. It allows administrators to remotely monitor and repair machines, typically over a network, without having to find the box in a data center, physically pull it out of the rack, fix it, and re-rack it. The BMC and its firmware can be told to power-cycle the server, reinstall or modify the host operating system, mount additional storage containing malicious code and data, access a virtual keyboard and terminal connected to the computer, and so on. If you can reach the BMC and its software, you have total control over the box.
With the BMC compromised, it is possible the alleged spies modified the controller’s firmware and/or the host operating system and software to allow attackers to connect in or allow data to flow out. We’ve been covering BMC security issues for a while.
One infosec expert cited says that this is not only plausible, but the way he would do it.
But if this is the case, why didn’t Bloomberg tell us? The only plausible answer here is that it wasn’t privy to the details, it only knows what some people said about it, which effectively turns this into a ‘friend of a friend’ story.
#2: The technical case against the claim seems strong
McCarthy lays out some objections to the idea of the specific claims about the Chinese spy chip. Three of them seem particularly persuasive to me.
Why go to the bother of smuggling another chip on the board, when a chip already due to be placed in the circuitry could be tampered with during manufacturer, using bribes and pressure? Why not switch the SPI flash chip with a backdoored one – one that looks identical to a legit one?
[And] The chip allegedly fits on a pencil tip. That it can intercept and rewrite data on the fly from SPI flash or a serial EEPROM is not impossible. However, it has to contain enough data to replace the fetched BMC firmware code, that then alters the running operating system or otherwise implements a viable backdoor. Either the chip pictured in Bloomberg’s article is incorrect and just an illustration, and the actual device is larger, or there is state-of-the-art custom semiconductor fabrication involved here.
One final point: you would expect corporations like Apple and Amazon to have in place systems that detect not only unexpected network traffic, but also unexpected operating system states. It should be possible that alterations to the kernel and the stack of software above it should set off alarms during or after boot.
So the technical case against the claim seems strong. Which, as McCarthy also notes, brings us to Apple’s denial.
The ‘Apple is lying’ theory
I’ve written in the past about an occasion on which Apple issued a suspiciously-worded denial: when the PRISM story broke and it was alleged that Apple gave the NSA access to its servers.
Security researchers examining the PRISM denials made by the companies alleged to be providing data to the NSA say that the language used is suspiciously similar. The emphasis is ours:
Google: First, we have not joined any program that would give the U.S. government—or any other government—direct access to our servers.
Apple: “We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”
Facebook: Facebook is not and has never been part of any program to give the US or any other government direct access to our servers.
The fact that the exact same phrase has been used seems unlikely to be a coincidence. One security researcher I spoke to said the wording only eliminated the NSA pulling data from the servers; it did not mean the companies were not pushing the data to the NSA. If the NSA obtained a secret court order requiring the companies to hand over the data, then of course statements that they only provide data when required to do so by law would also be true.
My interpretation of this is that all three companies were required to push data to the NSA, and were subjected to a government gag order. The government provided wording which would allow the companies to be seen to be denying it without actually lying.
The same could potentially be true in this case. If Apple and Amazon had discovered a Chinese spy chip and reported it to the FBI, it’s possible – indeed, likely – that the US government would see value in keeping it quiet. Knowing which machines were compromised, it could control the flow of information – and misinformation – to the Chinese government.
So, in principle, it’s entirely possible that it happened the way Bloomberg says it did, and that Apple and Amazon have been instructed by the government to issue apparent denials.
#3, #4 & #5: The three problems with the ‘Apple is lying’ theory
But there are three problems with the ‘non-denial denial’ theory.
First, Apple’s denial does not appear to use carefully-selected wording. It doesn’t skirt around the claims: it tackles them head on.
On this we can be very clear: Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.
Apple doesn’t just deny the specific claim, it says that nothing like it has ever happened. The bold here is my emphasis:
No one from Apple ever reached out to the FBI about anything like this, and we have never heard from the FBI about an investigation of this kind — much less tried to restrict it.
Now, one could observe that Apple is still being specific about ‘the FBI.’ Perhaps it went to the NSA instead – using contacts it had from PRISM project. But this leads us to problem two.
Second, then, Apple has specifically stated that it is not under a gag order.
Finally, in response to questions we have received from other news organizations since Businessweek published its story, we are not under any kind of gag order or other confidentiality obligations.
Any company that is subject to a gag order is under strict instructions to say nothing about it. So if there’s no gag order, we are being asked to believe that Apple voluntarily chose to lie about the spy chip, and is now lying about having lied.
If there were ever such an event as Bloomberg News has claimed, we would be forthcoming about it.
No matter how cynical you may be about big corporations, that idea stretches credibility.
Third, the value of keeping quiet about any Chinese spy chip was completely lost once Bloomberg posted its story. If it was true, the Chinese government would know that the gig was up, and there would be no value in Apple, Amazon or the US government keeping quiet about it. Apple could simply issue a statement saying something like ‘yes, this happened; we detected it; we were asked to keep quiet about it; we took steps to ensure no genuine customer data was leaked.’
So those, then, are the five reasons I believe Apple. It’s a friend-of-a-friend story. The technical arguments suggest it didn’t happen in the way Bloomberg says it did. Apple’s denial appears unequivocal. The company has ruled out the gag order theory. And, if it were true, there would be no reason now not to come clean about it.
That’s my view – what about yours? Please take our poll to let us know who you believe, and share your thoughts in the comments.
Take Our Poll