Security: Is this China’s great hardware hack?
China could be stealing corporate and government secrets with a tiny microchip “not much bigger than a grain of rice,” saidJordan Robertson and Michael Riley in Bloomberg Businessweek. According to U.S. officials, those spy chips have been found on motherboards sold by a U.S. company called Super Micro, and were likely placed there by the People’s Liberation Army as the boards were being assembled in Chinese factories. While Super Micro is not a household name, its compromised servers—computers that manage networks of computers—sit at the heart of the internet. They are used by major U.S. cloud-computing firms, including Apple and Amazon, as well as by the Pentagon and CIA. Investigators say the tiny chips would allow Beijing to spy on infiltrated computer networks, “stealth access that spy agencies are willing to invest millions of dollars and many years to get.” China has a unique advantage in executing this kind of operation because it makes most of the world’s computer components. Still, ensuring that doctored devices make it through the global supply chain to their intended destination is so difficult that one hacker likens this attack to “witnessing a unicorn jumping over a rainbow.”
If this hardware hack is real, then it’s “a manifestation of the tech industry’s worst fears,” said Lily Hay Newman in Wired.com. But it’s unclear if the attack actually happened. Apple, Amazon, and Super Micro have all vociferously denied being compromised by the Chinese, and the Department of Homeland Security says it has no reason to doubt those denials. What’s important is that this hack “is actually plausible,” said Nicholas Weaver in LawfareBlog.com. Most circuit boards are filled with support chips, “and the backdoor chip would appear to be just another faceless component to all but the most detailed examination.” It’s also within the power of China’s totalitarian government to “bribe, threaten, or cajole” Chinese subcontractors into letting them modify the boards. Even if this alleged attack turns out to be “a false alarm, it is a sobering wake-up call.”
So what can we do to counter the threat? asked Ian Bogost in TheAtlantic.com. As long as computer components can be made faster and cheaper in China than in the U.S., there’s little likelihood of companies rebuilding our offshored semiconductor and motherboard-manufacturing industries. Even devices stamped “Made in the USA,” such as Apple’s Mac Pro desktops, use components produced in China. Revelations of Beijing’s ability to exploit our reliance on Chinese high-tech manufacturing could lead President Trump to intensify his trade war with China. Investigators will likely soon confirm whether or not this hack is real. But “it is a real crisis no matter the outcome.”