Covert Insertion of Surveillance Chips Into Motherboards by China
Recently, Bloomberg News, The Times [of London]; and Wired Magazine, have reported on the insertion of chips by Chinese factories into servers designed in the United States, which were used to secretly access the networks the hardware was connected to. A Portland, OR based company, Elemental, supplied servers to Amazon designed to assist with video compression. The manufacture of the servers was handled by Super Micro Computer, Inc., of San Jose, CA, which outsourced part of the work to subcontractors in China, that allegedly inserted chips not part of the original design. These servers are used by the Department of Defense; the United States Navy; and as part of the CIA's drone program. Hardware implants are extremely difficult to implement. Nevertheless, Bloomberg reports that America's largest company, Apple, found that someone installed these malicious chips. "Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers. Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards."
Elemental Technologies was created in in 2006 to market code for graphics chips designed to handle the increased demand for streaming online video. The chips were designed to look like different motherboard parts (e.g., signal conditioning couplers). Some of these chips altered Linux operating system code to prevent servers from checking for passwords. According to a study at the University of Michigan, the chips could be used to get full access to operating systems, and hardware security analysis would not be able to find the chips.