Hacker News new | past | comments | ask | show | jobs | submit login

>A nation state adversary could trivially miniaturize this to the size and form of an SMT resistor, and use a much more capable uC in the process.

And sandwich it between the PCB layers. No way to find even upon close up inspection without Xraying the board itself, and even interpreting the Xray image of modern multilayer board would be a nontrivial task. I dont think Supermicro did it, at least for statistically meaningful set of boards.




Or just replace one of the existing chips on the i2c bus with an identical but malicious one.

I don't know how you would even detect that, short of decapping and scanning the die in.


That would be as easy as getting a same sized chip that is, say, an attiny, a bit of sand-papering and a laser to re-etch the package. If you had access to a wire bonding machine, not difficult, you could mount a second die in a de-capped package and cap it up with a bit of black resin. This would not require state level actors. Bunny Huang type of guys could do it.


I don’t think they have to use xrays. I heard that they spin the boards and measure the angular momentum with very sensitive equipment. I don’t know how you could get around that.


Spinning the boards is of limited use. The attacker now has a specific target to aim for.

It might be useful if nobody knows your doing it, but other than that it’s mostly pointless especially if you compromise every sample.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: