Jump to content
Sign in to follow this  

Investigating Implausible Bloomberg Supermicro Stories

Recommended Posts

Today we are going to more thoroughly address the Bloomberg Businessweek article alleging that China targeted 30 companies by inserting chips in the manufacturing process of Supermicro servers. Despite denials from named companies and the technology press casting some reasonable doubt on the story, Bloomberg doubled down and posted a follow-up article claiming a different hack took place. In this piece, we are going to present a critical view of Bloomberg’s claims, as supported by anonymous sources, in order to allow our readers to decide for themselves the credibility of Bloomberg’s reporting in this case.

Technical Lightness or Inaccuracy

This is a long article. In the first section, we are going to discuss why there are some fairly astounding plausibility and feasibility gaps in Bloomberg’s description of how the hacks worked. The weakness in this section of the Bloomberg article makes it extremely difficult to navigate and it is light on details. We are going to evaluate some of the parts in isolation, and also discuss some of the logical outcomes. In our first investigative piece, Bloomberg Reports China Infiltrated the Supermicro Supply Chain We Investigate, we went into some detail about why a motherboard and hardware for a motherboard is a very difficult way to hack a BMC. If you have not read our Explaining the Baseboard Management Controller or BMC in Servers that should be a precursor to reading the next section. STH has a relatively technically minded audience, so we are going to assume our audience has at least the knowledge imparted in that article.

Read more.


si ... Insecure Firmware Updates in Server Management Systems

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Create New...