
This technology would spot a secret chip in seconds - wolfgke
https://spectrum.ieee.org/riskfactor/computing/hardware/this-tech-would-have-spotted-the-secret-chinese-chip-in-seconds
======
trycrmr
The overarching theme is why isn't everyone using this tool. A few issues:

1) They might be, and it's being fooled. But...

2) ...they're likely not using it. Consider the following:

> "So why isn’t this system in widespread use? After all, much of it has been
> available since 2014."

With the compromised servers being purchased in 2015 it's assuming the
ubiquitous implementation of the described system a year after "much of it"
was available. Big companies don't move that fast to begin with (budgets,
politics, entrenchment of current processes, etc.). Also, the article doesn't
cite anywhere this tech has been proven in the wild. Do you want to make that
case to your boss that _your job can be replaced (and maybe theirs)_ with
this, probably expensive to purchase and implement, _unproven_ tech? That's
even if you've heard or thought of this system coming together in 2014 to
prevent an attack that would've infiltrated your network by 2015.

The only defense they give for why it hasn't been used was they were waiting
for a huge attack to help justify company's spend. That would help, but FICS
would be better off taking on the initial capital costs and charging these big
companies on a per server basis to use FICS's system (or spinning off a company
to do so, idk how FICS could make this happen).

It's like saying a day after SpaceX's flight around the moon that if your
company wants to get to the moon have your company purchase a BFR and send
their own people up. Cool. Take a hike.

------
maltalex
> The system uses optical scans, microscopy, X-ray tomography, and artificial
> intelligence to compare a printed circuit board and its chips and components
> with the intended design.

Could it detect a change _within_ a chip? If not, then it makes such an attack
harder to execute, but not impossible. Especially for a nation state.

~~~
TickleSteve
I would have thought it would actually be easier to subvert the supply chain than
physically mount a new device on a board.

Simply supply 'alternate' devices for normal manufacture.

------
TickleSteve
This would still not pick up malicious surface-mount devices.

Imagine a subverted NOR FLASH device with malicious firmware booting your
board-management device. It's still a SPI FLASH with the same (apparent) device
id. The contents would just be different.

~~~
alias_neo
The technology shown here is working at a different level; it is looking at the
PCB, trace by trace and identifying components and connections, layer by layer
and verifying it against the design.

Its purpose is to ensure that designs aren't modified in manufacture.

What you're talking about is a software problem, and should be carried out in
addition to this.

The first idea that comes to mind is that I would sign the contents of the
flash devices and have them verified once the board layout has been verified.

Essentially, you'd have your board schematic, and then a signature "schematic"
of firmware to verify against. Of course, you'd also need a way of signing the
schematic/signature list to verify those once they're updated.
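
The check described in the comment above, sketched as an added example (not code from the thread or from the scanning system it discusses). The device names, key and image bytes are constructed, and HMAC-SHA256 stands in for the signature because Python's standard library has no asymmetric signing; a real verification station would hold only a public key.

```python
import hashlib
import hmac
import json

def _tag(digests, key):
    # Authenticate the canonical JSON form of the digest list (stand-in for a signature).
    body = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(images, key):
    """Record the SHA-256 of each golden flash image, keyed by board reference."""
    digests = {ref: hashlib.sha256(data).hexdigest() for ref, data in images.items()}
    return {"digests": digests, "tag": _tag(digests, key)}

def verify_board(manifest, dumps, key):
    """Return a status per flash device; refuse to run on a manifest that fails authentication."""
    if not hmac.compare_digest(_tag(manifest["digests"], key), manifest["tag"]):
        raise ValueError("manifest authentication failed")
    report = {}
    for ref, digest in manifest["digests"].items():
        if ref not in dumps:
            report[ref] = "missing"        # part in the design, no read-out supplied
        elif hmac.compare_digest(hashlib.sha256(dumps[ref]).hexdigest(), digest):
            report[ref] = "ok"
        else:
            report[ref] = "modified"       # contents differ from the golden image
    for ref in sorted(dumps.keys() - manifest["digests"].keys()):
        report[ref] = "unexpected"         # read-out from a part the design does not list
    return report

# Constructed sample data: two flash parts on a hypothetical board.
KEY = b"constructed-demo-key"
GOLDEN = {
    "U12_BMC_SPI": b"BMC firmware v1" + b"\xff" * 64,
    "U30_BIOS_SPI": b"BIOS image" + b"\xff" * 64,
}
MANIFEST = build_manifest(GOLDEN, KEY)

def demo():
    dumps = dict(GOLDEN)
    dumps["U12_BMC_SPI"] = GOLDEN["U12_BMC_SPI"][:-1] + b"\x00"  # one byte changed
    dumps["U99_EXTRA"] = b"not in the design"
    del dumps["U30_BIOS_SPI"]
    return verify_board(MANIFEST, dumps, KEY)

if __name__ == "__main__":
    print(demo())
```

This checks only the bytes a device returns when it is read out, so a part that answers a programmer differently from the board's own controller, as raised further down the thread, is outside what it can detect.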

~~~
rasz
Yes, in other words technology shown here is useless.

~~~
alias_neo
I'm not sure what gives you that impression.

In this case, the technology would have identified this additional component
added out-of-spec. Once you've identified that a component that doesn't belong
has been added you don't need to bother identifying any software attacks, it's
already compromised.

~~~
rasz
What makes you think this component (if it existed) was visually different
from the component it replaced on the pcb?

------
vectorEQ
x-rays are useful to identify parts which don't belong in the original design,
though it doesn't say anything about these parts. It can be manufacturing
errors / design iterations not well documented or any number of things besides
a malicious implant. more manual analysis will always be needed. But if you
have tons of PCBs to go through it can give a quick overview what chips might
be good initial targets.

some people noted that some 'hardware' attacks can't be seen because they use
original parts. -> that's a silly statement, as that would make it a firmware
attack, not a hardware attack (even though physical access might be needed to
flash the chip, it's the firmware which is malicious, not the chip itself.
i.e. other type of threat / use-case).

i think the problem with x-rays, apart from them being hazardous in
themselves, the cost and availability of equipment is not practical for
reverse engineers and researchers apart from some highest tier companies doing
this.

A question to NH about this which might be more interesting: do you think you
can get similar results using ultrasound? Because ultrasound devices are
fairly cheap and can be made at home fairly easily compared to x-ray
technology. It's also much less hazardous to the researchers....

~~~
rasz
> some people noted that some 'hardware' attacks can't be seen because they use
> original parts.

You can have original looking part. Imagine an 8Mbit SOIC SPI NOR flash chip.
Looks the part, belongs in its spot, you decap it and it sure does look like a
flash Die with its normal Flash controller. Now consider this:
http://travisgoodspeed.blogspot.com/2012/07/emulating-usb-devices-with-python.html
I can't find it right now, but AFAIR Travis (or maybe it was hak5
RubberDucky folks) noticed early on that it's pretty trivial to detect what is
happening on the Host side of the interface - what operating system am I
plugged into and at what phase of the operation are we on (bios query, OS
loading drivers).

Imagine a Flash chip that is able to tell (power sequencing, timing and order
of commands) if it's booting a particular controller on the board, or if it's
being read in a flash programmer. Flash chips have processors running their
own firmware nowadays, turtles all the way down.

------
amelius
The problem is that the bad guys also have access to this technology. So they
can just tweak their designs until the scanner says it's ok.

------
exoesquitur
The thing missing from this analysis is that on data bus lines like SPI, I2c
and others there are "passive" components like resistors and capacitors used
for signal conditioning and line bias. If one of these components were
replaced with a highly integrated IC, it would be possible to mimic the
function of the passive component most of the time, but sometimes hijack
existing data streams as a MITM.

This can be used to insert alternative boot code, firmware, microcode, or even
FPGA structures.

Note that the component would not have to generate its own signal source,
because by merely inserting a lower than normal resistance or capacitance it
could alter an existing bitstream to reflect the desired payload.

It would require a high degree of integration and power management finesse,
but is certainly doable to replace an existing SMT resistor or Capacitor with
such a device.

~~~
exoesquitur
..... Such a device would not be detectable by xray (micrographic xray maybe?),
ultrasound, visual inspection, circuit analysis, or signal analysis until it
was activated by a particular bitstream, possibly as part of a firmware update
released by the manufacturer.

------
frgewut
Slightly offtopic, but the easiest way for detecting tampering with hardware
is weighing stuff.

~~~
JdeBP
Now read https://news.ycombinator.com/item?id=18138699

~~~
alxlaz
I see comments like that every once in a while, and I always come back to
something that one of my professors told me a long time ago. If it took you
like five minutes of thinking about it to come up with it, it's a safe bet
that a) folks who are paid to work on this stuff full-time have already
thought about it and b) that someone already figured out how to work around
it.

------
alsadi
> .. would spot ..

the article describes how to spot a supposed spying chip when it happens, but
why do they single out China? Just replace it with Israel and the article would still
be valid.

------
otto_ortega
This article is shameless self-promotion... "to compare a printed circuit
board and its chips and components with the intended design..." So every
company now has to design its own servers, routers and every other piece of
hardware from scratch to avoid "spy chips"? Yeah... Sounds like a good
idea...

------
baybal2
That will not help you with sand grain sized plants, if they actually are such

------
monocasa
I don't buy that some machine learning algorithm from 2014 actually works and
isn't just snake oil.

------
asaph
I find the denials made by the companies involved to be substantive and
credible. I'm inclined to believe them. Perhaps Bloomberg's reporters fell for
a conspiracy theory this time.

~~~
ElBarto
If true, the attack described by Bloomberg would mean the US fell victim to
one of the most spectacular attacks, if not the most spectacular attack, in
history and at the hand of the Chinese.

It's equally credible that they would never want to acknowledge that.

~~~
tyingq
_"would mean the US fell victim to one of the most spectacular attacks, if not
the most spectacular attack, in history"_

The general idea doesn't seem new or novel.

https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/

~~~
ElBarto
It's not the idea, which is indeed old and used. It's the execution and
success (if true).

~~~
tyingq
I'm assuming it's been successfully used both by, and against, the US for many
years.

------
moonbug
Or just Secure Boot (on the BMCs).

~~~
asaph
How does this defend against the type of hardware-based attack discussed in
the article?

~~~
rjst01
The same way secure-boot provides protection against hardware modification /
evil maid type attacks in CPUs today: by verifying the integrity of the code
that's about to be booted before the CPU boots it.

It would significantly raise the cost and difficulty of this sort of attack.

~~~
wolfgke
> It would significantly raise the cost and difficulty of this sort of attack.

In my opinion, modifying the board layout with the additional chip and
modifying the production process for the server boards stealthily already has
a pretty high cost and difficulty.

~~~
rjst01
> already has a pretty high cost and difficulty

That's true, but properly implemented secure boot could serve to increase it
by an order of magnitude.

