Supermicro server with unrequested chip onboard


(Michael Kicks) #1

It’s been quite a few days since US media revealed some kind of… hardware infection in a device from SuperMicro installed in a server farm.

I do not work on that kind of hardware (most of the time HP and Dell), therefore I do not have an opinion, but… What does the community think about this kind of news?

Are there any SuperMicro users/enthusiasts that can tell me (us) something about this hardware producer?


(Dan) #2

I have a bit of SuperMicro hardware, and it’s pretty popular with the FreeNAS folks. Here’s a thread on the report on the FreeNAS forums:

Having read the article, I’m a little skeptical. There doesn’t seem to be any independent corroboration of the claims, no sources are named for the juicy bits (and therefore their credibility can’t be assessed), and the supposed capabilities of this tiny chip just don’t seem plausible. And Bloomberg isn’t exactly a tech-heavy publication.

Further, the article claims that multiple routes were used to inject the chips, including embedding them directly in the boards–yet another level of complication.

So, yeah, there’s a lot that doesn’t really add up. I’m not saying I’m convinced it’s impossible, but I’m not yet convinced (1) that it happened at all, or (2) if it did, that it’s something that would affect other users of that hardware.


(Michael Kicks) #3

I do not like to talk about politics, but there are quite a few things noticeable…
The U.S. started to fight a customs fee war with other countries, trying to earn money from goods, and trying to earn money from export. Also… the “software license” tax of most US companies (Microsoft, IBM, Oracle, Apple, Google) is getting bigger. Therefore… China is one of the biggest IT/electronics manufacturers. So… Without hardware, what software will be able to run?
The Chinese government acts quite like any other rich and bullying government: they don’t want anyone messing around with what they decide. Therefore… they kick hard.


(Robert Moskowitz) #4

Read Johna Till Johnson’s blog:

Johna has DOD contractors and other big companies as clients.

Read from my friends at Cambridge, UK (sent from Jon Crowcroft):

https://www.lightbluetouchpaper.org/2018/10/05/making-sense-of-the-supermicro-motherboard-attack/

Finally IEEE Spectrum’s take:

and from last year: