Modchips of the State Hardware implants in the supply-chain

Modchips of the State Hardware implants in the supply chain. By Trammell Hudson @ https://media.ccc.de/v/35c3-9597-modchips_of_the_state

Hardware implants and supply chain attacks have been in the news recently, but how feasible are they, and what can we do about them? In this talk, we'll examine the design of a proof of concept SPI bus hardware implant that has similar capabilities to those described in the Bloomberg/Supermicro article as well as some countermeasures that we can use to try to detect these "modchips" and increase our trust in our systems.

We don't know how much of the Bloomberg story about hardware implants installed in Supermicro servers shipped to Apple and Amazon is true, nor do we know the story behind the story and the reasons for the vehement denials by all the parties involved.

However, a technical assessment of details of the described implants reveals that a supply chain attack on the hardware is definitely possible, that the capabilities of the BMC can be used to bypass OS protections, and that there are means to access the BMC that would not necessarily generate readily identified network traffic.

In this talk, we'll examine the design of a proof of concept SPI bus hardware implant that has similar capabilities to those described in the Bloomberg/Supermicro article as well as some countermeasures that we can use to try to detect these "modchips" and increase our trust in our systems.

BIO Speaker: Trammell Hudson

I like to take things apart.

I'm Trammell Hudson, a programmer, photographer, frequent hacker and occasional watchmaker. I enjoy reverse engineering things, restoring antique computers and making things blink. Sometimes I use my Amateur Extra rating (NY3U) and hack on Radio and RF projects. I also have other hobbies involving coffee, aviation, sailing and other vehicles. And on the weekends, I enjoy teaching classes at NYC Resistor.