{"id":9318,"date":"2019-10-13T06:51:05","date_gmt":"2019-10-13T10:51:05","guid":{"rendered":"http:\/\/pappp.net\/?guid=e2374e01d0f2806860c6c0e28ef8626c"},"modified":"2019-10-13T06:51:05","modified_gmt":"2019-10-13T10:51:05","slug":"planting-tiny-spy-chips-in-hardware-can-cost-as-little-as-200","status":"publish","type":"post","link":"https:\/\/pappp.net\/?p=9318","title":{"rendered":"Planting tiny spy chips in hardware can cost as little as $200"},"content":{"rendered":"

Source: Ars Technica<\/a><\/p>\n

Article note: The ongoing game of there being no evidence for that high profile Bloomberg implant article, but it being obviously not-that-hard for such a thing to happen makes for interesting theorizing and reading. \r\nI expect we'll eventually find an example in the wild, but probably not where they claimed.<\/div>
\n
\"Planting

Enlarge<\/a> (credit: Carl Drougge<\/a>)<\/p> <\/figure>

<\/a><\/div>\n

More than a year has passed since Bloomberg Businessweek<\/em> grabbed the lapels of the cybersecurity world with a bombshell claim: that Supermicro motherboards in servers used by major tech firms, including Apple and Amazon, had been stealthily implanted with a chip the size of a rice grain<\/a> that allowed Chinese hackers to spy deep into those networks. Apple, Amazon, and Supermicro<\/a> all vehemently denied the report. The National Security Agency dismissed it<\/a> as a false alarm. The Defcon hacker conference awarded it two Pwnie Awards<\/a>, for \"most overhyped bug\" and \"most epic fail.\" And no follow-up reporting has yet affirmed its central premise.<\/p>\n

But even as the facts of that story remain unconfirmed, the security community has warned that the possibility<\/em> of the supply chain attacks it describes is all too real<\/a>. The NSA, after all, has been doing something like it for years, according to the leaks of whistle-blower Edward Snowden<\/a>. Now researchers have gone further, showing just how easily and cheaply a tiny, tough-to-detect spy chip could be planted in a company's hardware supply chain. And one of them has demonstrated that it doesn't even require a state-sponsored spy agency to pull it off—just a motivated hardware hacker with the right access and as little as $200 worth of equipment.<\/p>\n

<\/p>\n<\/div>

Read 14 remaining paragraphs<\/a> | Comments<\/a><\/p>

\n<\/a> <\/a> <\/a> <\/a>\n<\/div>","protected":false},"excerpt":{"rendered":"

Enlarge (credit: Carl Drougge)
\nMore than a year has passed since Bloomberg Businessweek grabbed …<\/p>\n

Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[226],"tags":[],"class_list":["post-9318","post","type-post","status-publish","format-standard","hentry","category-news-2"],"_links":{"self":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/9318","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9318"}],"version-history":[{"count":0,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/9318\/revisions"}],"wp:attachment":[{"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9318"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9318"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}