Saturday, 27 October 2018

A detailed technical rebuttal of Bloomberg's "backdoored servers" article

Earlier this month, Bloomberg published a terrifying, detailed story claiming that Chinese spies had, for years, been sneaking hardware backdoors into servers used in data-centers run by companies like Apple and Amazon, as well as Congress, the Senate, the White House, Navy battleships and more.

The story drew rare, detailed denials from the companies involved and prompted lots of skeptical rebuttals. Bloomberg, meanwhile, stood by its story.

Now, Patrick Kennedy has written the most detailed technical rebuttal to the story to date, pointing out plausible reasons why the Bloomberg story couldn't be true.

For me the greatest mystery here is how Bloomberg could be so sure of its facts and how the companies it has accused of being hacked could be so thorough and public in their denials. Bloomberg says it's spoken to sources in the companies involved with direct knowledge, implying that either Bloomberg has been very sloppy in its work, or that there's a huge, elaborate conspiracy among current and former employees in several companies and branches of the US government to hoax Bloomberg -- or that all these companies and agencies have all conspired in their denials, despite the eventual crisis of trust that will break out when the truth is finally known.

Baseboard management controllers or BMCs are active on crashed or turned off servers. They allow one to, for example, power cycle servers remotely. If you read our piece Explaining the Baseboard Management Controller or BMC in Servers, BMCs are superchips. They replace a physical administrator working on a server in a data center for most tasks other than physical service (e.g. changing failed hard drives.)

At the same time, the sensitive data on a system is in the main server complex, not the BMC. When the BMC is powered on, hard drives, solid state drives, the server’s CPU (for decrypting data) and memory are not turned on. If you read our embedded systems reviews, such as the Supermicro A2SDi-16C-HLN4F 16-core Intel Atom C3955 mITX Motherboard Review, we actually publish power figures for when a system is on versus when the BMC only is active. In that review, the BMC powered on utilizes 4.9W of power. SSDs each have idle power consumption generally above 1W and hard drives use considerably more even at idle. The point here is that when the server’s BMC is turned on, and the server is powered off, it is trivially easy to measure that the attached storage is not powered on and accessible.

When a server is powered off, it is not possible to access a server’s “most sensitive code.” OS boot devices are powered off. Local storage is powered off for the main server. Further, encrypted sensitive code pushed from network storage is not accessible, and a BMC would not authenticate.

Investigating Implausible Bloomberg Supermicro Stories [Patrick Kennedy/Serve The Home]

Detailed And Thorough Debunking Of Bloomberg's Sketchy Story About Supply Chain Hack [Mike Masnick/Techdirt]