Hacker News

> Two people with direct knowledge said the manipulation combined two pieces of code: The first was embedded in instructions that manage the order of the startup and can’t be easily erased or updated. That code fetched additional instructions that were tucked into the BIOS chip’s unused memory, where they were unlikely to be found even by security-conscious customers. When the server was turned on, the implant would load into the machine’s main memory, where it kept sending out data periodically.

Asking the obvious...

If this description is accurate, would the second piece of code probably be pretty easy to identify, as a suspicious extraneous block of bits, by a curious ordinary techie who rigged up a RasPi to read the Supermicro's BIOS flash? (Using a tutorial intended for Coreboot installation, for example.)

And does anyone know whether the first piece of code would be in that same flash (perhaps harder to find, as part of a blob of BIOS/init code), or stored in the BMC package, or somewhere else?

If it turned out that (alleged) backdoored units were widespread, or some rare (alleged) backdoored units possibly were mixed into the supply of cheap used Supermicro servers on eBay, or among units taken home when retired from IT people's workplaces... then might some random techie fiddling around at home find a backdoor?

And if someone did find a backdoor that way, would their first call be to their national authorities (to alert, and ask whether it would be bad if they talked about it), or to a journalist, or to post on social media, or to write a haxor paper/post?

I'm not going to look myself; just wondering whether this story might suddenly get more credible and problematic that way.
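One way a curious techie could triage a flash dump for the kind of payload the quoted description alleges (data parked in otherwise-erased padding). This is an added example, not code from the post or from any vendor or tool; it assumes the analyst already has the expected region layout (from the flash descriptor or a UEFI volume parser) and works on a constructed 64 KiB stand-in image rather than a real Supermicro dump.

```python
import math
from collections import Counter

ERASED = 0xFF  # erased NOR flash reads back as 0xFF; padding between regions is normally all-0xFF


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: erased padding is ~0, code or compressed data is close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def find_islands(image: bytes, min_gap: int = 64) -> list[tuple[int, int]]:
    """Return (start, end) offsets of non-erased runs; runs separated by fewer
    than min_gap erased bytes are merged so a code blob containing 0xFF bytes
    is reported once."""
    islands, start, last_data, erased_run = [], None, -1, 0
    for i, b in enumerate(image):
        if b != ERASED:
            if start is None:
                start = i
            last_data, erased_run = i, 0
        elif start is not None:
            erased_run += 1
            if erased_run >= min_gap:
                islands.append((start, last_data + 1))
                start = None
    if start is not None:
        islands.append((start, last_data + 1))
    return islands


def unexpected_islands(image: bytes, expected_regions: list[tuple[int, int]]):
    """Islands not fully inside any region the layout accounts for, with entropy."""
    def covered(s, e):
        return any(rs <= s and e <= re for rs, re in expected_regions)
    return [(s, e, shannon_entropy(image[s:e]))
            for s, e in find_islands(image) if not covered(s, e)]


def build_sample_image() -> tuple[bytes, list[tuple[int, int]]]:
    """Constructed stand-in: a 32 KiB 'firmware' region, then padding, with a
    256-byte high-entropy blob (hypothetical payload) hidden at 0xC000."""
    firmware = bytes(range(256)) * 128              # 0x0000-0x7FFF, known region
    blob = bytes((i * 37 + 11) % 255 for i in range(256))  # never 0xFF, entropy ~8 bits
    image = bytearray(firmware + b"\xFF" * 0x8000)  # 64 KiB total
    image[0xC000:0xC100] = blob
    return bytes(image), [(0x0000, 0x8000)]
```

Anything this reports is only a lead: on a real image, compare the island against the vendor's published layout before drawing conclusions, since legitimate NVRAM, microcode or BMC data also lives outside the obvious volumes.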
