
Hardware Implants - okket
https://securinghardware.com/articles/hardware-implants/
======
sephamorr
A pencil point is a tapering edge, so I'm assuming the author is considering
<1mm for "fully capable computer the size of a pencil point" being
unreasonable.

Microcontrollers are not a huge amount larger than that any more:

-Cortex-M4f in 1.6x1.6x0.65mm (MAX32660)

-Attiny20UUR in 1.56x1.4mmx0.50mm

Bare dies may be a bit smaller than the above.

~~~
kurthr
I would note that thinning and encapsulation of bare die allows typical
thicknesses of <200um. Now, if you need an smt package and a (F)PCB then
everything blows up to mm total thickness. Note also that typical minimum
dicing width is 6-700um and your micros layout could be re-done to be a more
toothpick 3x0.66x0.2 size. Still, gotta get power in and signals out, but
conformal parylene will cover ACF or wirebonds.

~~~
baybal2
You can put a lot of tsvs across the border of IC and grind up to them, hoping
that the wire will bond to at least one of them. And if you do bonding by
hand, you can bond right to the metal if the oxide below is thick enough.

------
uncle_d
The discoverability of a hardware hack as reported makes the whole thing fail
to ring true for me.

As Joe alludes to, why do something so discoverable when there are numerous
other attack vectors that would preserve plausible deniability?

It appears close to a one-time trick, if you’re China. Once the trust is gone,
it’s not coming back. Supply chains are already coming back home due to
automation and consequently less reliance on cheap manual labour.

The case would have to be compelling - something that could not be achieved
otherwise. That case is yet to be made.

~~~
drasticmeasures
When you ask "why would they?" you can intuit a seemingly good case either way
that they would or wouldn't (maybe they would because they're incompetent.)

Instead of relying on intuition, a more to-the-point question is "did they do
it?" We have to wait for a definitive answer to this from the authorities.

~~~
uncle_d
No, we’ll have to wait for some definitive proof.

------
bitewhite
Coincidentally, Joe Fitzpatrick was also one of the experts cited in the
Bloomberg article. It would have been great to see this kind of technical
perspective in the Bloomberg article! Joe clearly has value to add to the
conversation and it is disappointing that Bloomberg chose to leverage his
credentials in the hardware security community to add fluff to their article
instead of any real insight. Same with using Joe Grand as well.

------
fulafel
BMC threats are a sufficient reason to avoid server class hardware for some
people. They even contain public remotely exploitable vulns.

------
doitLP
I love follow-ups like this from experts like Joe. However, he seems quick to
dismiss a couple things as improbable due to cost. I don’t know, but I
wouldn’t be so sure considering we’re talking a nation-state actor here.

------
dogreborn
I've got titanium nails (controlled through magnet remote) in bone which
helped me increase my height from 5'8 to 6'2 my dream height.

The method is called distraction osteogenesis where bone is cut obliquely and
distanced 0.8mm a day.

I got both femur and tibia through the procedure in both legs to preserve the
biomechanics which have to do with the femur to tibia ratio.

That said i don't feel anything. But this change has tremendously helped me
gain confidence. So, my atheletism isn't affected in anyway.

I always had technical competence but was sidelined because of my lack of
confidence due to my below average height.

I saw some really tall guys without any degree getting the role which i had
experience/qualification for without any issue.

Today, I am a CEO of a small company and no longer insecure :)

~~~
sparkpeasy
Your comment bot is acting up

~~~
geoah
My thoughts exactly, it was a nice try though, maybe a next version could
actually parse the article in order to find the most prominent keywords/topics
instead of relying on just the title.

I'm pretty sure this comment would have gathered a number of comments /
upvotes if it was in the right context.

