A manufacturing expert says that it's possible that spies insert malicious chips into servers



[ad_1]

Could Chinese spies secretly insert malicious chips into printed circuits sold in the United States to the military, to Apple and to Amazon?

It's a disconcerting possibility – but that's exactly what Bloomberg reported in a highly reported research article this week. He claimed that a supplier named SuperMicro, maker of motherboards, had been infiltrated by spies several years ago.

Blurring the tracks, all parties involved strongly deny the report, even if Bloomberg sticks to his reports. Amazon said inaccuracies are "hard to count." Apple issued a 750-word statement, calling the report a fake.

It is not surprising that the situation is not clear. The story addresses issues of international espionage, high-tech manufacturing and the world of information security, three of the world's most secretive realms.

In the end, it is possible that we never know with a high degree of certainty what has actually happened over the past three years, with regard to the SuperMicro supply chain.

But according to an expert in high-tech manufacturing, it's quite realistic to think that one and the same bad actor could change the design of a circuit board and that it would only be caught when the finished product would be in the wild.

"There is so much complexity in these products," Anna-Katrina Shedletsky told Business Insider during a phone interview. "I think what's really great about this Bloomberg GIF is the top of their article."

"You see how tiny this chip is? It's impossible for a human inspector to see it while it was not supposed to be. Even the engineer who knows very well the structure of this design may not be aware of it, "she continued.

Shedletsky would be able to detect the problems related to contract manufacturing. She is co-founder of Instrumental, a company that uses the learning machine to combat manufacturing defects. She estimates having spent 500 days in factories in China and around the world, first as a product designer engineer at Apple for six years, then role as CEO of Instrumental.

"I think based on the methodology of designing and manufacturing these pieces, that it 's a national actor or even someone else' s, I do not think it's difficult to inject elements that the brand or design team has not intentionally created. ask, "she says. She believes that high-resolution digital photos of printed circuit boards, which are one of Instrumental's main products, will become more and more important as more and more businesses are put in place. controls on the supply chain.

All electronic devices have a circuit board

Instrumental co-founders Anna Shedletsky and Sam Weiss.
Instrumental

Shedletsky has no direct knowledge of the Bloomberg report or the way SuperMicro manufactures, and does not know what to think, given the strong and detailed denials provided by the companies involved.

"I do not know what to believe, but at the same time, it does not really matter because it's possible, and we have to act as if it's true to solve the problem, "she said.

After all, Bloomberg says the spies were able to put an unwanted chip on a printed circuit board. All electronic devices have a printed circuit board, she says. And often, a person can edit the computer file containing the pattern.

"The manufacturer does not even have to be bad," she explained in general. "You just need someone who will change the reference design and click on save, it will now touch any customer who pulls this reference design, for a rather generic server."

These parts are subject to inspection before being packaged and shipped, but this type of inspections is not configured to detect added items. They are often more concerned with common problems, such as whether the solder has been applied correctly. And if the design document were changed, these tests would not detect it either.

"It would be very easy to get any of these tests.These tests are based on what is called the" Gerber File "or the computer-aided design of what is supposed to be on the table, "she explained.

Counterfeits are a problem that has been raised in his experience. Sometimes, she added, factories can replace a printed circuit board chip with cheaper and counterfeit alternatives, and the company that made the product is only aware of it when it was shipped. .

Reuters Photo Archive

"A friend of mine made a product and their batteries started to smoke," she said. "The root cause was that the power chip was a cheaper version that was not part of the design.It had less circuitry, but it looked like a power chip and some sort of function, but that was not a good thing. was a "low cost" model, as if it was a cheaper chip. "

There are also different levels of security in different factories, she said. In some cases, everything is locked and controlled. In other cases, printed circuit boards and other components are considered less critical than items such as enclosures, which can be considered super secret.

In general, however, she is not worried that mainstream devices, such as smartphones, big, well-endowed brands like Apple, are vulnerable to hardware attacks, as Bloomberg claims.

But that still leaves a lot of vulnerable products.

"Even if it's true or not, if you were a SuperMicro customer for the last four years, you might be thinking for five years: is any of our server cards having problems?" Said Shedletsky. "I would wonder if I was a customer, because it's so plausible, there could be more than we do not know."

[ad_2]
Source link