If you thought the prospect of China getting spy chips into major US companies and their systems and networks through Supermicro motherboards seeing the company reportedly being infiltrated by members of China’s People’s Liberation Army was bad, well you ain’t seen nothing yet.
A new story is emerging that this entire spy chip game can be done much cheaper, according to Monta Elkins who works with Foxguard as a “hacker-in-chief”. Elkins will be presenting his discovery and work at the CS3sthlm security conference later this month, where using a $2 chip found on a Digismark Arduino he could hack and take over a Cisco ASA 5505 firewall server.
Elkins explained to Wired: “We think this stuff is so magical, but it’s not really that hard. By showing people the hardware, I wanted to make it much more real. It’s not magical. It’s not impossible. I could do this in my basement. And there are lots of people smarter than me, and they can do it for almost nothing“.
When this tiny chip is simply soldered onto the motherboard, it will impersonate an administrator as the server is booting and then begins a common password recovery feature. From there it has access to firewall settings, and can even be tweaked remotely for off-site hacking, after which the hacker has full access to fully disabling ALL security features and even accessing the full log of any connected devices.
The chip itself is soldered onto the bottom of the motherboard and not even hidden, with Elkins using the cheapest server board that he could find on eBay at the time. The chip could’ve been hidden behind radio-frequency shielding but was not as Elkins wanted to make it easier to disaply on diagrams.
Elkins explained: “What I want people to recognize is that chipping implants are not imaginary. They’re relatively straightforward. If I can do this, someone with hundreds of millions in their budget has been doing this for a while“.