Страницы

Tuesday, January 21, 2020

Cybersecurity

More Questions as Expert Recreates Chinese Super Micro Hardware Hack

Though the companies named in a blockbuster Bloomberg story have denied that China hacked into Super Micro Computer hardware that shipped to Amazon, Apple and nearly 30 other firms, a recent demonstration at hacking conference in Germany proves the plausibility of the alleged hack.  
Security researcher Trammell Hudson demonstrated how easy it is to place a tiny implant on a hardware motherboard that can interface with the baseboard management controller (BMC). His hack could allow a hacker to run code or take over other aspects of a hardware communication and power system, providing another means of system access for nefarious purposes.
In a presentation at the recent 35th Chaos Communication Congress, Hudson ran a live demo of an implant he developed and clipped into a hardware motherboard that connected to the BMC. Using his implant, he was able to reconstruct the hardware clock and figure out the implant’s position in the file system, allowing it to inject new data into the Non-Volatile RAM cache of the file system. In his presentation, Hudson showed how he was able to run a small shell script as well as arrive at a screen that allowed him, without a password, to run commands as root on the BMC.

No comments:

Post a Comment