A tech consultant and journalist specializing in server hardware says that some of the Bloomberg spy chip claims are completely implausible, while others are simply impossible.
We’ve commented before on the complete lack of technical detail in the Bloomberg report about how the supposed hack actually worked. Writing on STH, Patrick Kennedy opens his piece by referencing what he calls the ‘astounding plausibility and feasibility gaps in Bloomberg’s description of how the hack worked.’
Even smaller organizations with a handful of servers generally have segregated BMC networks. That basic starting point, from where large companies take further steps, looks something like this:
Further, he says, the Bloomberg spy chip piece says that the BMC has access to code running on the servers even when they are turned off. This, writes Kennedy, is ‘patently false.’
Even if that were somehow possible, the idea of a BMC injecting code into the CPU is contradicted by simple physics.
The piece goes on to list the ten separate tasks the chip would need to carry out were the Bloomberg spy chip claim correct. Even were we to allow for this being technically possible, Kennedy says that it would require such cutting-edge small-process fabrication that there are only a handful of foundries in the world that could have created such a chip. Only four of them seem realistic candidates:
This communication also happens at relatively high clock speeds, so keeping up with the bandwidth is a challenge for even CPU designers. There is no way for a small chip to attack the “temporary memory” (RAM) to CPU communication.
- TSMC
- Intel
- Samsung
- Global Foundaries
The idea that one of these tech giants would risk their reputations and business by creating a spy chip for China stretches credibility way beyond breaking point. If it were revealed that one had done so, they would quite simply go out of business as no-one would trust their chips ever again.
There’s more – including why it would make way more sense to mount this type of attack through firmware rather than a hardware chip; examining the sources claimed in the Bloomberg spy chip story; and looking at the track-record of the team behind the piece.
Kennedy closes by adding his voice to those calling for a retraction.
“Something is wrong. Blanket denials from companies, NCSC and DHS are v. unusual. The only precedent for this is a 2014 Bloomberg article, by the same author, which claimed NSA exploited Heartbleed, and was vigorously knocked down with zero follow up by Bloomberg or correction.”
— Andy Jassy (@ajassy) October 22, 2018
It follows Super Micro joining Apple in calling for a retraction.
Follow all our coverage of the Bloomberg spy chip claims.
Image: Shutterstock