I’ve been saying for years now that the US’s reliance on cheap Chinese labor would lead to mission critical systems being compromised. This story from Bloomberg sheds a light on a physical hardware hack originated in China’s manufacturing and labor force, perpetuated by the Chinese government & spy agencies.
The story is long, but it’s worth the time to read it. You will be shocked at the sophistication of the hardware hack- China’s spy agencies have compromised the manufacturing of server components that are destined to be installed in major US companies, and even worse, high level US agencies. The physical size of the added component on the server makes it incredibly hard to detect. Check out the images below to get a idea of how small the part is.
There are reports that the next level of the hardware hack has the part being imbedded between the layers of fibreglass that makes up the server motherboard. You’d need something like an x-ray machine to detect the ‘extra’ part of the motherboard.
The US government is aware of the hardware hack, but according to the article, few companies have the resources of Apple and Amazon to create solutions for identifying the hack. Despite the vast resources and technically advanced resources available to companies like Amazon and Apple, it took some luck even for them to spot the problem. “This stuff is at the cutting edge of the cutting edge, and there is no easy technological solution,” says someone close to the problem. “You have to invest in things that the world wants. You cannot invest in things that the world is not ready to accept yet.”
The article states that approximately 30 entities/companies have been identified as having been affected by the hardware hack. None of the commercial corporations identified have chosen to lead with security of their products. Instead they have stuck with the cheap Chinese labor force. It does sound like Apple has quietly replaced the known to be hacked servers, and they have cut all ties with the company who supplied the bad servers to them. Amazon’s response is much less clear.
Now that I think about it, I wonder if in part this situation is part of the reason Apple is designing their own processors. While so far they’ve really only done the CPU/GPU for the iPhone, it’s possible they may be developing their own server hardware too. Apple is notorious for their secrecy. While Google wasn’t mentioned in the article, they have been manufacturing their own servers and cloud hardware for several years now. I find it hard to believe that the government didn’t notify them about this since they are one of the largest tech companies in the world. Again, it’s very possible that their internal development of hardware is related to this.
It’s quite clear that China is, and will be in the future, using it’s position in the manufacturing and logistics of high tech components to spy on the United States. It’s even possible they’re using information stolen from US companies to make better spying gear. How crazy is that idea?
The US government has openly warned companies and their own departments about using products from Chinese companies ZTE and Huawei. The US states that they believe these companies have strong ties to the Chinese government, and that their products can’t be used by any government department. Neither of those companies were named in the article, but it goes to show that the US and its spy agencies are actively keeping an eye on Chinese companies.
tech2news4you 