Though the companies named in a blockbuster Bloomberg story have denied that China hacked into Super Micro Computer hardware that shipped to Amazon, Apple and nearly 30 other firms, a recent demonstration at hacking conference in Germany proves the plausibility of the alleged hack.
Security researcher Trammell Hudson demonstrated how easy it is to place a tiny implant on a hardware motherboard that can interface with the baseboard management controller (BMC). His hack could allow a hacker to run code or take over other aspects of a hardware communication and power system, providing another means of system access for nefarious purposes.
In a presentation at the recent 35th Chaos Communication Congress, Hudson ran a live demo of an implant he developed and clipped into a hardware motherboard that connected to the BMC. Using his implant, he was able to reconstruct the hardware clock and figure out the implant’s position in the file system, allowing it to inject new data into the Non-Volatile RAM cache of the file system. In his presentation, Hudson showed how he was able to run a small shell script as well as arrive at a screen that allowed him, without a password, to run commands as root on the BMC.
“It’s really unfortunate that these chips are not well put together,” Hudson said of the baseboard management controller in his talk. “You have no protection against attacks, no ability to detect an attack happened and there is no ability to recover from an attack. Having an attack on the BMC is a really big deal.”
The threat is real
Supply chain attacks such as Hudson’s and the actual attack described in Bloomberg’s report have long been feared, but none has been observed directly “in the wild.” Hardware security expert Joe Grand of Grand Design Studios was quoted in the Bloomberg story as likening the discovery of real supply chain attack as akin to witnessing “a unicorn jumping over a rainbow.” But Hudson’s demo suggests that might be an overstatement. In it, he showed the possibilities of access hackers could gain to hardware if they manage to install implants on motherboards that slip through the supply chain undetected and end up in servers run by companies with large data centers.
Indeed, this is exactly what a thoroughly sourced Bloomberg report published last October claimed happened to Super Micro motherboards that were shipped to Apple, Amazon and nearly 30 other companies, including a major bank. Hudson’s demo was in response to fervent denial by the companies that what was outlined in the article ever occurred.
Hudson addressed a denial claim by Super Micro that it’s “technically implausible and highly unlikely” that unauthorized hardware–even if it made it through the supply chain–would function properly because third-party hardware tacked onto a proprietary system would lack complete knowledge of the design of the motherboard.
“I think that’s inaccurate both because we know the NSA does it and also because I’ve done it,” Hudson said. His first comment refers to known activity by the National Security Agency (NSA) to intercept shipments of computer hardware and have its tailored access operations open the hardware, install implants and then send the shipments to their intended destinations, Trammell said.
“The NSA even has a catalog of hardware implants as well as firmware-specific ones,” he said, providing a scenario that “is really ideal for this supply-chain attack because it allows them to contain the exploit to a single customer and also allows good concealment and good cover-up.”
The second comment refers to the demo Hudson himself performed at the conference, which clearly shows how he infiltrated and controlled a hardware system through an implant on the motherboard.
“Really all that you need to know is these are common components,” Hudson explained. “These flash chips show up on all the boards. You can search the Internet for the data sheet and find exactly how it’s wired into the rest of the system. And the only thing we need to know to communicate to the BMC is the serial output pin from this component.”
Why the BMC is insecure
The key reason the hardware implant is so dangerous is indeed its connection to the BMC, something that was outlined extensively in the Bloomberg article. The BMC is “a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off,” according to the Bloomberg article.
Indeed, the BMC has access to and authorization to control and/or interface with various aspects of a hardware system, including power supplies, LAN ports, OS installations, file systems and others, Hudson said.
All in all, the BMC has “way too many privileges,” he said. “It’s connected to pretty much everything else in the system,” Hudson said. This makes it, as mentioned before, very difficult to secure inherently, as well as very difficult to control an attack that leverages it once it occurs and spreads through the hardware and even onto other systems. What’s even more concerning is these hardware implants cost virtually nothing for hackers to implement if they have access to the supply chain and can get them into motherboards, he said. “These are not multi-million-dollar attacks–these are five euro bits of hardware that we have to be worried about,” Hudson said.
Super Micro has consistently denied that its motherboards were compromised. More recently, the company claimed an audit failed to turn up any evidence of a malicious implant. Apple, Amazon and other vendors have also strenuously denied the allegations in the Bloomberg report.
In an interview on The Security Ledger podcast, Grand said that slipping a malicious implant onto a motherboard wouldn’t constitute a security “check mate” for downstream users of that hardware. “Even if the hardware is there and there’s some kind of manipulation on the system, at some point if you have this command and control happening, the device is opened to the Internet,” Grand told me. “If there’s some kind of network traffic coming from these devices, then why is nobody seeing this?”
True, even if its false
The moral of the SuperMicro story may be that the story is “true,” even if it is not factually accurate, Dave Aitel of the firm Cyxtera told me in a recent podcast interview. In other words, in an era of nation state actors, Aitel observes, no hardware, software, company or person is safe from predation.
“Its almost more true if its not true,” Aitel tells me. “We know that what could happen in cyber always does happen in cyber. Someone going to fund it. Its not that expensive to do,” he told me. “Whether and not the details in particular for any of these things are correct, we need to have a massive equities discussion about what nation states will do to supply chains.”
Open systems for more security
In order to mitigate issues that stem from implants used as outlined in the Bloomberg story and demonstrated in his presentation, network and security administrators moving forward must take a different approach to hardware and the data center, Hudson said.
He suggested that network administrators look to recent guidelines from National Institute of Standards and Technology (NIST) in NIST Special Publication 800-193 that take a more holistic approach to hardware systems as one model for providing more secure hardware systems. However, that implementation roots authorizations in the trusted platform module (TPM), which–while it “is good tool for securing our systems”–also is subject to hardware implants that can compromise the system, Hudson warned.
Other, better options for securing hardware may lie in trusted execution environments such as SGX and Armed Trustzone, he said. “I think these have a lot of promise especially for trusted cloud computing,” Hudson said.
Hardware routes of trust such as Google Titan, Microsoft’s Azure and Apple’s T2 also are potential options for better hardware security, he posited. However, Hudson believes that proprietary solutions for security hardware do so “at the expense of user freedom.” The real way forward, he believes, lies in open system design.
“The real way of solving this problem is we need to get rid of a lot of these secrets,” Hudson said. “Having a secret motherboard design does not make you more secure.”
He pointed to examples like the Open Compute project as one way to make hardware systems more transparent and thus more secure by allowing “motivated customers” to peer under the hood of their hardware purchases to ensure that they buy exactly the systems they think they’re buying.
“[This] is a good vision for how we can move forward,” Hudson said.