US officials have shared details of a widespread hardware hack in which Chinese spies infiltrated 30 American companies, including Amazon and Apple, in 2015 by planting rice-sized computer chips on their server motherboards, giving hackers access to sensitive consumer and government data.
Nicolas Waisman, VP of Security Consulting at Cyxtera:
“The supply chain is always at risk so it’s not surprising to learn about this implant vulnerability. Our team uncovered BMC vulnerabilities earlier this year and reported that they could easily be exploited for malicious purposes, with or without a backdoor implant. The only dependency was a network connection. Once compromised, we found that it was 100% possible to launch an attack using remote code execution. The bottom line is that BMCs, or any system with network access, is vulnerable to attack. It doesn’t require an implant from a nation state adversary. Organisations must protect themselves by practicing defence-in-depth, especially across their supply chain. Additionally, it’s important to isolate systems at the network level. In our research, we were able to mitigate the risk of inbound calls to the BMC and lateral movement using a software-defined perimeter solution.”