[coreboot] Is this fake news or not? Bloomberg says China is using a rice-sized chip to hack amazon servers.

Jonathan Neuschäfer j.neuschaefer at gmx.net
Fri Oct 5 06:00:28 CEST 2018


On Thu, Oct 04, 2018 at 04:00:32PM +0000, fightfakenews via coreboot wrote:
[...]
> The only technical information they give is: The chips could do all
> this because they were connected to the baseboard management
> controller, a kind of superchip that administrators use to remotely
> log in to problematic servers, giving them access to the most
> sensitive code even on machines that have crashed or are turned off.
> (It sounds like something related to the IPMI? Can this really be
> done? Even if this can be done, can this be used to access data?)

Yes, this sounds possible. Hijacking the BMC's connection to the flash
memory from which it boots (which has been speculated to be the attack,
by various people on the internet) can in principle let an attacker
backdoor the BMC's firmware.  And BMCs have a lot of control over the
host system, which may include DMA. See for example this presentation,
about a different BMC implementation, esp. page 72 onward, "BMC to host":

https://github.com/airbus-seclab/airbus-seclab.github.io/blob/master/ilo/RECONBRX2018-Slides-Subverting_your_server_through_its_BMC_the_HPE_iLO4_case-perigaud-gazet-czarny.pdf

(Side note: I used the term "BMC" (baseboard management controller)
here, but BMCs are sometimes called IPMIs, after the main protocol they
historically implement, IPMI.)


Greetings


