Powerful Hardware Backdoor in Supermicro Motherboards

Apple and Amazon Web Services allegedly affected, but issued strong denials.

Bloomberg published an article claiming that the US Government uncovered a hardware backdoor planted by the Chinese People’s Liberation Army in server motherboards produced by

Supermicro, the world’s largest manufacturer of computer motherboards. The boards then made their way into the datacenters of US tech companies, including Apple, Amazon Web Services, and Facbeook. According to Bloomberg, the devices were discovered with the help of US investigators in 2015 and took the form of extremely tiny integrated circuits designed to look like standard surface-mount filter capacitors; filter capacitors are scattered by the hundreds across complex printed circuit boards (PCBs) to reduce electrical noise, making them the perfect form for a Trojan chip.

The backdoor chips were connected to the Board Management Controller (BMC), which provides Out-of-Band Management capabilities. A legitimate user of the BMC could remotely attach a virtual disc drive to update the operating system remotely, access the system display and control it with a remote mouse and keyboard, or modify low-level system settings such as which device to boot from. An attacker who compromises it can do that and more — the BMC by design has nearly unrestricted access to every piece of hardware on the motherboard. A compromised BMC could be used to pull cryptographic keys such as Bitcoin wallet private keys out of memory, overwrite authentication code to accept any password, or do basically anything else the attacker wanted.

Affected Companies Respond

Apple and Amazon both issued extremely strong denials of Bloomberg’s claims. Amazon claims to have “found no evidence to support claims of malicious chips or hardware modifications,” while Apple claims to have “conducted rigorous internal investigations” and have “never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server.” Supermicro joined in the denial, stating that they have “never found any malicious chips, nor been informed by any customer that such chips have been found.” However, Apple and Facebook did acknowledge finding Supermicro servers with infected firmware in lab environments (where they had no access to user data) in 2016 and 2015 respectively. Apple cited the malware as a reason they ended their relationship with Supermicro afterwards.

One of Bloomberg’s named sources also cast doubt on the story, stating that while he discussed hardware backdoors with Bloomberg, it was in a theoretical context and did not intend for his statements to be taken as proof of a specific, real-world attack. The US Department of Homeland Security and the UK’s chief spy agency, the GCHQ, both issued independent statements casting doubt on the findings and backing Apple and Amazon’s claims. Bloomberg for their part stands by the story, stating that they have both third-party evidence and confirmation from high-level US government sources who confirmed the existence of the attack and its impact on Apple and Amazon.

The Chinese government issued a vague statement that affirmed their commitment to cybersecurity but did not address any specific claims.

How Could This Attack Have Been Detected?

Preemptive detection of this kind of attack with currently available tools and technology is sadly nearly impossible. Detection would require knowledge of the board layout that motherboard manufacturers including Supermicro rightfully consider sensitive proprietary information, and extremely careful inspection of the actual boards with expensive X-Ray machines.

Live detection is a little more feasible. The backdoor communicates with a command and control server using the server’s built-in network connection, so traditional tools such as firewalls and intrusion detection/prevention systems stand a good chance of catching it. ISE recommends using the most restrictive firewall configurations possible, such as denying all traffic destined to the public Internet for servers that don’t need the ability to communicate with the outside world, and using network level firewalls in addition to host-based ones. ISE also recommends using intrusion prevention/detection systems, which can detect unusual traffic patterns such as a sudden increase in traffic from specific servers or of specific types, which can be helpful in detecting compromised systems of all kinds. Both of these recommendations should be implemented as part of a general defense-in-depth strategy that gives each system only as much access to other systems and to the outside world as is absolutely necessary and never relies on a single layer of defense to prevent a full system compromise.

Another way to mitigate the damage of this kind of attack is to compartmentalize sensitive information such as cryptographic keys. Important certificates, bitcoin wallet private keys, and other information of this kind should be stored where possible on dedicated devices such as smart cards, hardware security modules, or hardware Bitcoin wallets. These devices store cryptographic keys in special secure computing elements which are inaccessible to the main CPU; when a cryptographic operation such as a certificate signature or a Bitcoin transaction is required, the CPU requests it from the hardware device and receives only the results, never seeing the underlying cryptographic keys. While a system compromised by this kind of attack could still be used by an adversary to for example make unauthorized Bitcoin transactions, the keys themselves would be protected from exfiltration.