I’ve gotten lots of inquiries asking if I could analyze some hardware for them, or could recommend someone who might.
I’ll be blunt - most of you don’t need this. Here are some things you should consider before seeking out services like this:
1. It’s unlikely you’re affected. Really. Even assuming every claim is true, and even if there is a secret device on every single X brand motherboard, it’s unlikely you’re targeted by whatever payload the implant carries.
2. There are no published hardware indicators of compromise (IOCs). The device and placement referenced in the article are only representative and not actual devices. Having experienced hardware eyes on your board might pick out something odd, but won’t be conclusive.
If someone said that the implant was found inside a coupler, first I'd check component suppliers for couplers that might fit the bill. And the one displayed is pretty much the smallest one you can find with 'coupler' in the name.
A coupler is a filter - you'd normally have signals coming in & filtered signals going out the other side.
If you see a piece of alumina or ceramic and it has markings on top with a coupler's model number you'll assume that's what it is.
Perfect man-in-the-middle opportunity
Given a photo of a server motherboard, this was my response after a few minutes. You'll have to take my word that I wrote this on 4 Sept 2017.
"Well, you picked an easy one, it already has a backdoor :)"
"The ASPEED chip (1) is the BMC or Board Management Controller. It's an extra CPU on the system that is supposed to 'manage' the actual server that does all the work, like negotiating power supplies and storage connections with the rest of the servers in the rack."
There’s recent news about some really interesting hardware implants. I wanted to take a bit to share more technical thoughts and details that can’t be reduced to a mainstream article on the topic.
The core of the claim is that someone implanted extra components on some server motherboards that would do malicious stuff, subvert the system and possibly allow it to ‘phone home’. I looked at the claims through a technical and feasibility lens.
I’ve studied hardware implants for a few years now. I’ve done multiple reviews of server hardware looking for backdoors. I profit, via @securinghw and @SecureHardware, from people being more interested in hardware security.
Congratulations, your talk has been declined! Many of us have been disappointed or relieved by a rejection in the past few days. As a follow-on to my previous post about the CFP process and writing an abstract, I figured it would be fitting to write a bit about what to do now.
Don’t worry, a post about what to do if you’re *accepted* should come right on time, about a week before Black Hat and Defcon.
It’s okay to be disappointed. You put lots of work into your research, and more into making it look good for the CFP. If you’re smart, you’ve been scrambling to deliver on the things you promised in case they asked for more info. It might feel like all that was a waste of time.
Thinking about submitting to a CFP? You should, no matter how n00b or 1337 you think you are. But picking the right topic and venue can be tough. My experience is mostly infosec but likely applies to many fields. These are some examples of talks I'd attend:
1. So you've been in the industry for a year (or more)? You've learned a lot. Share with others the resources you found helpful, the mistakes you made, and what you wish you knew a year ago. Many BSides have first time attendees and people looking to get into the field.
2. Saw a presentation of new research that blew your mind? Reproduce the work and share your successes and stumbling blocks. Experts may show off cool new stuff, but your experience is more relevant to most attendees.
Thread time! Why can't they just quickly patch #meltdown or #spectre and push out another cpu? Why could it possibly take years? Why don't they use AGILE or x/y/z? Lots of reasons:
(note: my goal is not to criticize chip manufacturers - it's to defend the constraints they have)
Let's start with a standard software product many are familiar with and work off that. First, every time you hit 'build' it's called a 'stepping', costs millions of dollars & takes several months. If you want a profitable product, you may only get 10 chances to press 'build'.
On top of that, half those 'builds' are not 'full layer steppings' meaning you can't change any logic gates, just how they're connected. Even with a full layer stepping you can't shuffle stuff around anywhere like you can with library files and whatnot.