Confusion on What is Hacked, the CPU Perhaps?
While the Bloomberg paragraph we just analyzed is rife with inaccuracies on the BMC attack, earlier in the article the implant was described as a CPU hack. Here is the paragraph from the article we are going to analyze:
In simplified terms, the implants on Supermicro hardware manipulated the core operating instructions that tell the server what to do as data move across a motherboard, two people familiar with the chips’ operation say. This happened at a crucial moment, as small bits of the operating system were being stored in the board’s temporary memory en route to the server’s central processor, the CPU. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. (Source: Bloomberg with emphasis added to highlight key points for discussion)
When the article described the hack in detail, as discussed earlier, it relied on a BMC vector. We established that the chips, if they could exist (more on this later), would simply alter the BMC; further instructions would then be downloaded (which, as we showed, they could not be) and the CPU complex would be attacked from there.
Key, though, is the language that the implants in the hardware were acting on the CPU’s temporary memory. We established in our first piece, Bloomberg Reports China Infiltrated the Supermicro Supply Chain We Investigate, that the hardware allegedly implanted has neither the pin count nor the processing power to perform this interception. Here is a dual Intel Xeon E5 V3/ V4 platform from Supermicro from the era in question.
Note that RAM to CPU communication happens over thousands of pins. Each CPU has 2011 pins for communicating with the rest of the server, and RAM pins take up several thousand of these channels. In current generations, the 2011 pin sockets were replaced with 3647 pin sockets (and more for AMD EPYC). Memory locations have been largely randomized for many years. This communication also happens at relatively high clock speeds, so keeping up with the bandwidth is a challenge even for CPU designers. There is no way for a small chip to attack the “temporary memory” (RAM) to CPU communication.
When we authored our original piece, we also looked at the feasibility of attacking the SATADOM interface (a local OS storage device). Readers pointed out that the small SSD is not considered “temporary” storage since it is persistent. Attacking persistent storage or add-on cards would present other challenges, but the Bloomberg passage places the attack between the motherboard’s temporary memory and the CPU.
Even if Bloomberg’s report mistakenly used CPU in this paragraph where it meant BMC, treating the BMC RAM as the temporary storage is still troublesome. Generally, BMCs have a single RAM package. Here is an example of a PCB without a BMC and its associated RAM package and flash storage set:
There are a few takeaways. First, a chip the size of what Bloomberg Businessweek depicts multiple times cannot monitor the dozens of data pins and traces coming off of RAM (right-hand set of pads for package placement) in order to inject code. The chip would need to be significantly larger to have the pin count to monitor any RAM temporary device.
Computers also have on-die cache memory, but Bloomberg stated that the hack happened at the motherboard level, and on Supermicro, not Intel hardware. Inserting traces into a modern chip package after it has been fabbed is essentially impossible given today’s technology.
Bloomberg cited “two people familiar with the chip’s operation,” but there is a disconnect between its description and how such a small device could have the physical pin space, let alone the processing power, to monitor so many high-speed pins.
Intercepting temporary memory of a modern CPU via a motherboard component is not easy. If you look at, for example, the IBM POWER9 DDR4 memory controllers, an enormous amount of die space on a large chip is used to deal with memory. The large number of pins and high-speed signaling make it unlikely that such a small chip could do the job. The die area alone that IBM, Intel, Marvell/ Cavium, AMD and others use for DDR3/DDR4 connectivity and processing is larger than Bloomberg’s alleged device, in both silicon area and pin count.
A Quick Note on the Ordering or Injecting
The last part of that passage is one we wanted to discuss briefly:
The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. (Source: Bloomberg Businessweek with emphasis added to highlight key points for discussion)
Many parties such as Apple and Amazon have pointed out that they believe that the Bloomberg Businessweek reporting staff was confused. We have had readers suggest this “altering of the instructions the CPU was meant to follow” sounds a lot like the Spectre/ Meltdown (many vendors) or L1TF (Intel) vulnerabilities. This is vague enough that we will let our readers draw their own conclusions.
The “or” in this is a huge statement. For this statement to be correct, the implant chip itself must have logic built in to execute one of two different commands. This sentence says that the “implant… placed on the board… to effectively edit this information queue” did so in one of two ways. The paragraph is talking about the CPU, a term of art and something that is labeled as such on every server motherboard. It is not talking about the BMC, as the BMC discussion we covered above came later in the article. Based on what is in the article, this is an attack on the CPU to temporary memory path as well as on the BMC. If it were simply a BMC hack, it would be an implant on the board attacking the BMC, not the CPU, a labeled term of art. Perhaps this is more confusion, so we will assume that this is a technical error by the Bloomberg report made to help “dumb the story down” for non-technical audiences.
That “or” carries an implication. Assuming such a small chip could be placed on the motherboard in a way that attacks the CPU to temporary memory communication, the chip would need to store its payload, communicate across motherboard communication pathways, and make logic-based decisions. That is a lot of functionality for a small IC package. Therein lies the next challenge.