Chinese spies had access to Dutch chip maker NXP's systems for over two years (nltimes.nl)
63 points by belter on Nov 24, 2023 | 49 comments



>protects its systems with an extra code provided over the telephone, but the hackers circumvented this double authorization by changing the telephone numbers

How do you change the phone number without access to the phone authenticator in the first place?

>states that the hackers caused no material damage, but did steal intellectual property

I wonder what valuable IP they could have gotten, as last time I interacted with them, they had their hardware design files on airgapped networks for which you needed a second laptop to access and had no internet connection or open USB ports making hacking impossible. But that was a long time ago.


> How do you change the phone number without access to the phone authenticator in the first place?

You can contact the phone company if using a cellphone (i.e. transfer the phone number to a new SIM).

When my phone was stolen a few weeks ago, I tried to transfer my phone number to a different company but they wouldn't let me... they told me all I had to do was buy a SIM card from the same company. Security is a joke (also physical security).


I guess they changed a phone number in the Active Directory to which the TFA-SMS was sent?
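The registered-number change that the article describes (and that this comment guesses was made in the directory) is exactly the kind of event an identity provider's audit log can surface. As an added example, not from the article, NXP or any vendor, here is a small Python rule over constructed audit events in an assumed JSON schema: it flags a phone-number change made from an IP the account has never logged in from, or one followed within a window by an SMS-MFA login.

```python
import json
from datetime import datetime, timedelta

# Constructed sample audit events. The schema (event names, fields) is an
# assumption for this example and does not match any specific product's log.
SAMPLE_LOG = """
{"ts": "2023-11-19T09:00:00Z", "event": "login", "user": "bob", "ip": "10.1.4.31", "mfa": "sms"}
{"ts": "2023-11-20T08:02:11Z", "event": "login", "user": "alice", "ip": "10.1.4.20", "mfa": "sms"}
{"ts": "2023-11-21T09:15:00Z", "event": "mfa_phone_changed", "user": "bob", "ip": "10.1.4.31", "old": "+31-6-0000002", "new": "+31-6-0000003"}
{"ts": "2023-11-21T23:41:05Z", "event": "mfa_phone_changed", "user": "alice", "ip": "203.0.113.7", "old": "+31-6-0000001", "new": "+31-6-9999999"}
{"ts": "2023-11-21T23:47:30Z", "event": "login", "user": "alice", "ip": "203.0.113.7", "mfa": "sms"}
{"ts": "2023-11-23T09:20:00Z", "event": "login", "user": "bob", "ip": "10.1.4.31", "mfa": "sms"}
"""

def parse_events(text):
    """Parse one JSON object per line and return events sorted by timestamp."""
    events = [json.loads(line) for line in text.strip().splitlines()]
    for e in events:
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return sorted(events, key=lambda e: e["ts"])

def find_suspicious_phone_changes(text, window_hours=24):
    """Return (user, new_number, reasons) for each MFA phone-number change that
    looks like an SMS-2FA takeover: the change came from an IP never seen in an
    earlier login for that account, and/or an SMS-MFA login for the same
    account follows within `window_hours`."""
    window = timedelta(hours=window_hours)
    events = parse_events(text)
    seen_ips = {}  # user -> set of IPs used in logins before the change
    findings = []
    for i, e in enumerate(events):
        if e["event"] == "login":
            seen_ips.setdefault(e["user"], set()).add(e["ip"])
            continue
        if e["event"] != "mfa_phone_changed":
            continue
        reasons = []
        if e["ip"] not in seen_ips.get(e["user"], set()):
            reasons.append("change made from IP never used for a login")
        for later in events[i + 1:]:
            if later["ts"] - e["ts"] > window:
                break  # events are sorted, so nothing later is in the window
            if (later["event"] == "login" and later["user"] == e["user"]
                    and later.get("mfa") == "sms"):
                reasons.append("sms login %s after change" % (later["ts"] - e["ts"]))
                break
        if reasons:
            findings.append((e["user"], e["new"], reasons))
    return findings
```

In the constructed sample, bob's change is benign on both counts, while alice's change comes from a new IP and is followed by an SMS login six minutes later.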


Airgapped networks can be bridged.


Only by a physical person. Otherwise it's not an airgapped network.


I mean the Iranian centrifuges smashed by Stuxnet were also airgapped.


Not at all. I can turn on your airgapped computer from the street without getting into your building...

Intel Management Engine - https://en.wikipedia.org/wiki/Intel_Management_Engine

"Several weaknesses have been found in the ME. On May 1, 2017, Intel confirmed a Remote Elevation of Privilege bug (SA-00075) in its Management Technology.[36] Every Intel platform with provisioned Intel Standard Manageability, Active Management Technology, or Small Business Technology, from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME"

https://www.intel.com/content/www/us/en/developer/tools/in-b...


And how do you establish the connection to deploy your remote privilege escalation exploit against the Intel Management Engine?


Hey I am not ChatGPT :-) But the answer has three parts:

1- "...The Intel Management Engine always runs as long as the motherboard is receiving power, even when the computer is turned off..."

2- The Intel Management Engine is the remote privilege escalation. (Read up on the known and unpublished vulnerabilities.)

3- Over-the-Air Firmware Updates...

If I say more we both will end on a secure facility.


>3- Over-the-Air Firmware Updates...

Mate I feel like you're getting your security know-how from watching Mission Impossible.

"Over-the-Air" doesn't actually mean you can magically beam SW updates wirelessly through the air to the Intel chip like in the hacker/spy movies, as airgapped networks, as per name, don't have wireless cards.

Intel ME still requires a network connection to the internet/network from which you want to apply the update. If you're on an airgapped network this becomes impossible to do without first breaching the airgapped network physicality, but this is not what happened according to the article, they just compromised some employee Microsoft/O365 account which is on the less secure network anyway and probably stole whatever IP they could find shared through the e-mail accounts and on Sharepoint.


Maybe an official source will be good enough for you: https://www.intel.com/content/www/us/en/business/enterprise-...


Don't know what you saw in there but all that material disproves your claims.


Wait, I swear I'm not being intentionally daft, but in this scenario my air-gapped system has an (Intel) wireless card? And we are certain the ME can manage this wireless card? And is actively listening for a wireless update while 'off'? From an unauthenticated connection?


>in this scenario my air-gapped system has an (Intel) wireless card?

If you have a wireless card then your system was never airgapped to begin with. Parent makes some wild confusions.


See page 5 on how the CPU has now just become another peripheral. Notice the Out-of-Band Wireless into the Motherboard - https://recon.cx/2014/slides/Recon%202014%20Skochinsky.pdf

Is dismounting your Motherboard what you mean by not having a card?


>Notice the Out-of-Band Wireless

That's just the wireless controller on the chip, but it's not enough to have wireless communication actually work. You still need a wireless PHY which modulates the digital signal into radio waves, and an antenna attached, to actually have wifi. On its own it does nothing, it's just a piece of silicon that can't achieve radio communication.


You are late for your Infosec class...

"AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers" - https://arxiv.org/abs/2012.06884

"In this paper, we show that attackers can exfiltrate data from air-gapped computers via Wi-Fi signals. Malware in a compromised air-gapped computer can generate signals in the Wi-Fi frequency bands. The signals are generated through the memory buses - no special hardware is required."


That paper is about sending out signals by writing to memory at a cadence that causes WiFi-band emissions from the memory bus traces on the motherboard. As others have pointed out, doing this requires first compromising the machine.

But, more importantly, the IME needs to be able to receive a signal to update, not transmit.


You haven't read it then. The premise of that paper is stupid. It assumes you already physically breached that airgapped network (which is the hardest part to do) to insert that malware in the first place.


FirmwareBurner, let's rejoice in the realization that our jobs are secure :-)


You are the ruin of TEMPEST vendors...


TEMPEST is to pull data from a remote computer. I listen to the power grid to decode what you're typing, I monitor RF to see what you're typing and what's on your screen. All these computer peripherals are radio transmitters that can be snooped on. They're also one way only.

The notion that I am going to establish any kind of foothold in your system that's properly air gapped via TEMPEST is silly.


See slides 26 and 27. Bugs re-enable what was possible and now said not possible anymore. (I say, not the presentation) - https://fahrplan.events.ccc.de/congress/2017/Fahrplan/system...


If you don't add an antenna to your airgapped computer, you need physical access to some copper.

If you do add an antenna to your 'airgapped' computer, well, just don't.

Is there a third way?


The IME vulnerability referenced on Wikipedia still uses the computer's network.

And to the IoT reference - such a computer wouldn't be (or rather shouldn't be) regarded as airgapped.


I don't think you understand what "air-gapped" actually means


>Airgapped networks can be bridged.

Not via the processes discussed in the article.


Reading this and I can’t help but think this is entirely predictable at this point? One particular country seems especially eager to steal any and all industrial information it can.


>One particular country seems especially eager to steal any and all industrial information it can.

Not just one, several: Russia, Israel, Iran, North Korea, even the US used the NSA to hack into Airbus and Siemens while the UK used GCHQ to hack into Gemalto; basically every country which has the technical capabilities will try to do that.

China is the prominent one because it's the West's largest economic adversary and because they actually use the stolen IP to make their own bootlegs and not just for security and intelligence like the other nation states.


You can't really prevent state level actors unless you go full Azure Information Protection (labelling and encryption of every doc) and review every audit log and have each employee justify each access. Most people don't want to work in such an environment.

They can just pay off someone in security or IT and there you go.

They don't seem to have done this here but they will if they don't get in another way. I'm sure. What we call insider threat is basically every spy agency's MO since history began.


Sort of off topic, sorry, but has the newly elected Dutch guy taken a stand on the US ASML affair?


That won't be necessary. The Chinese will get their files via the Russians...

"Leaked documents show connections between PVV and Russia" - https://nltimes.nl/2023/10/19/leaked-documents-show-connecti...


No, he's been busy trying to find someone who is not an embezzler[1] to talk to the other parties so they can form a cabinet. Didn't manage to find one in his own party.

[1] https://nltimes.nl/2023/11/27/cabinet-formation-leader-resig...


Even with a plurality it's unclear he will manage to form a government, so maybe it won't matter.

And for everyone who also hadn't heard about this: https://money.usnews.com/investing/news/articles/2023-10-24/...

> AMSTERDAM (Reuters) - Several Dutch lawmakers on Tuesday challenged the Netherlands' Trade Minister over whether the U.S. has acted correctly in unilaterally imposing new rules regulating the export to China of another chipmaking machine made by ASML Holding.


What US ASML affair?


Maybe he means how ASML’s technology was developed by the US DoE and Intel and then licensed to ASML for political reasons including green lighting the acquisition of Cymer and deliberately excluding Canon from a license?

I mean maybe. A lot of Europeans seem pretty confused about ASML.


I weep for the Chinese researchers never getting funding and a moment in the sun, because an incompetent secret service/insecure government prefers copying.

https://m.youtube.com/watch?v=cxrkC-pMH_s


There's nothing wrong with stealing and copying. After all, intellectual property is a mere legal fiction, it doesn't exist in the real world. You want to keep secrets? Don't share things with people, and especially don't try to sell your secrets.


All property is fiction if you squint hard enough at every human society convention. "they shouldn't have built a door" is not adequate defense against breaking and entering allegations.

A secure system for sharing information is basically a door with a lock. You break the lock and steal something, you have broken the law.


>You break the lock and steal something, you have broken the law.

Law enforcement at that scale is highly asymmetrical. Large powerful countries can act like bullies because "what are you gonna do about it?".

Yeah, we have the UN and international courts and what not, but those are toothless as without a superior power to act as the enforcer, they can wipe their ass with your laws, complaint or court ruling and do as they please anyway.


Granted!

However none of that implies:

> There's nothing wrong with stealing and copying.


I agree, this is why I have a solid door and have armed myself.


Attempt at edgy take but only ends up justifying 'might makes right'


"Might makes right" isn't a subject for justification, it is the natural state of the world. It's like asking for a justification for gravity. It's just a category error.


Unfortunately, might does make right. Violence is the ultimate authority and the fact most people don't acknowledge or willfully don't know this is embarrassing.


I'm not talking about ip, I'm talking about ip generating capability.


Not believing in or investing in your own biopower is really scary, yeah. The belief that once you steal some documents you'll be able to start doing the thing, the disbelief in having your own seasoned, smart, ingenious people who make stuff happen... It's kind of madcap to me.

It signals a very scary zero-sum mentality of getting ahead at any cost. But like, it's the college student who cheats on every exam... yeah you're getting good grades. Yeah you eventually figured out how to copycat the stuff. What's that worth? Is the output enough?

I do appreciate a lot though the counter view in this thread that IP is a made up fiction, that it's artificial, and that we could probably be much greater a world if we had reward mechanisms to give other than complete & total control for 20+ years.


No company can technologically defend against nation state level resources for industrial espionage.

The only solution is tit for tat damages.


That assumes they have a tit for our tat.

