Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Look I worked at a company that built boards in China. Every board is xrayed to verify every level of the board for every trace. They are matched vs. known good perfect board. If anything is wrong the board is destroyed. The boards I am talking about where complex 26+ layer boards which is way more then any standard motherboard. HW wise this is not impossiable, just improbable. The better method would be in software, replacing the on board system management software (intel ME) for example with a compromised version. That is very doable.


I would think it would be much easier to validate software via simple hashing than physical hardware, via x-ray. Sure, you can verify traces, etc, but with current lithography at 14 nanometers, I have pretty much no doubt that there is no economical way to validate tens of thousands of meter-long boards.


You could see every trace on the board at each layer. A chip like this story talks about would standout. Also at each point on the board you could probe (traces) end to end. It’s complex. Also the is the integery testing .. a machine that has 1000s of needles that pushes down on the top and bottom of the board at each contact point and test the resistance and conductivity end to end. Put something in the board in the path and the numbers come back wrong.


Signal integrity is really important as it can lead to grey failures down the line. It is really important to find them before you stuff the boards with $$ of components that you can not save if the board is bad.


> A chip like this story talks about would standout.

Sure, you could see it, but to know it was wrong you'd have to have a non-compromised board to compare against. Or knowledge of every design and supplier decision, which Supermicro/Apple do not have.


You don't necessarily have direct access to the storage system for the software you want to validate.


In case anyone want to see how QA looks like in a factory, here's a video

https://www.youtube.com/watch?v=ljOoGyCso8s&t=22:28

(the whole vid is worth watching)


I absolutely agree. Putting a chip on the mobo seems the worse way of hacking into the hw and the supply chain. Replacing an existing part with a doctored one or patching the sw seems so much simpler.

Bloombergs "chipgate" fails Occam's razor and this whole story is losing credibility by the hour.


Yes, hardware implants would best be done by swapping out a BMC/IPMI/DRAC/ILO chip, eg, modifying it upstream in the supply-chain. This type of implant would be much less geo/politically-damaging, if discovered, and more difficult to notice (unless the client checks integrity of all Flash EEPROMs) and more difficult to track down.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: