HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mhjas

no profile record

comments

mhjas
·há 8 anos·discuss
It is straight forward to compromise the BMC, it isn't straight forward to hide a backdoor in the BMC in front of some of the best security researchers in the world. Especially with such attack being well known and seemingly trivial to check for.
mhjas
·há 8 anos·discuss
I just don't think the relationship between those two things you are describing exists. If the Chinese government approaches a Chinese manufacturer with the goal of compromising US software companies adding some sort of chip that reconfigured the hardware would be the most straight forward thing for them to do.

If anything I think the idea that a Chinese manufacturer with complete access to the hardware having to execute some exploit towards the web interface to get access is far fetched. So is that you could pretend to update the firmware (surely no one is going to notice that the new version doesn't have the features you wanted?) and that dumping the firmware would be inconvenient (it would be the first thing you did if you suspected something).
mhjas
·há 8 anos·discuss
I don't really see why everyone is calling this implausible. Modchips have been around for at least 15 years. The idea of the clipper chip is 25 years old. At every hacker conference there are people "hacking" devices by various buses or interfaces.

If there is anything working against the Bloomberg story it is that it is too plausible. Often reality clashes with imagination, but the Bloomberg story contains almost everything you could imagine happening.