Bloomberg: Chinese PLA inserted tiny spy chip into server motherboards used by Apple, Amazon, others
Member
quote:
Originally posted by ScreamingCockatoo:
Can't tell me the engineers at Apple didn't spot this on their board.

No they couldn't. Apple engineers don't have the BOM (bill of materials) nor the diagram of the motherboard, so no real way they could tell whether a tiny chip is supposed to be there or not.
 
Posts: 1826 | Location: Austin TX | Registered: October 30, 2003
10mm is The
Boom of Doom
Picture of Fenris
Ban all Chinese electronics? Might be difficult to achieve instantly without significant disruptions. However, there is more than one way to skin a cat.

Announce an immediate 60% tariff on all Chinese electronics and electronic components. With an automatic 10% increase in the tariff rate every month. Watch how fast manufacturers switch.

By the time Trump is reelected, the rate would be 300%. By the time Ivanka is elected, the rate would be almost 800% and still climbing.




God Bless and Protect the Once and Future President, Donald John Trump.
 
Posts: 17639 | Location: Northern Virginia | Registered: November 08, 2008
Little ray
of sunshine
Picture of jhe888
quote:
Originally posted by Gustofer:
quote:
Originally posted by markand:
Upon reflection, I didn't go far enough in my earlier post. If we stop importing Chinese products, not only will we have no electronics, we'll soon have no cars, appliances, and no tools to assemble and service cars and appliances. Certain foods will disappear from store shelves and our clothing choices will drastically diminish while prices for what few things are available will skyrocket. We'll have wood, but few tools to work it and few fasteners to hold it together. Not happy about that state of affairs at all, but I think we're going to have to figure out how to make it work. Not bugging everything they sell us would be a good start.
Think of all of the jobs we'd create here if we started doing all of this for ourselves again. If memory serves, prior to the 70s we were doing just fine without China's assistance in building/making everything we own.


And your I-widgets would all cost some multiple of what they cost now. I don't think Americans will sit still for $3000 phones.




The fish is mute, expressionless. The fish doesn't think because the fish knows everything.
 
Posts: 53499 | Location: Texas | Registered: February 10, 2004
Staring back
from the abyss
Picture of Gustofer
quote:
Originally posted by jhe888:
quote:
Originally posted by Gustofer:
quote:
Originally posted by markand:
Upon reflection, I didn't go far enough in my earlier post. If we stop importing Chinese products, not only will we have no electronics, we'll soon have no cars, appliances, and no tools to assemble and service cars and appliances. Certain foods will disappear from store shelves and our clothing choices will drastically diminish while prices for what few things are available will skyrocket. We'll have wood, but few tools to work it and few fasteners to hold it together. Not happy about that state of affairs at all, but I think we're going to have to figure out how to make it work. Not bugging everything they sell us would be a good start.
Think of all of the jobs we'd create here if we started doing all of this for ourselves again. If memory serves, prior to the 70s we were doing just fine without China's assistance in building/making everything we own.


And your I-widgets would all cost some multiple of what they cost now. I don't think Americans will sit still for $3000 phones.

The market would figure it out. It has a way of doing that somehow.


________________________________________________________
"Great danger lies in the notion that we can reason with evil." Doug Patton.
 
Posts: 21182 | Location: Montana | Registered: November 01, 2010
Member
Picture of konata88
At some point, we’ll recognize that artificially inflated wages and pensions are not sustainable for society. Slave labor in China helps to enable such behavior here.

Perhaps that point will be too late when China turns off our servers and networks and declares war. China is not interested in a happy coexistence. They want global domination.




"Wrong does not cease to be wrong because the majority share in it." L.Tolstoy
"A government is just a body of people, usually, notably, ungoverned." Shepherd Book
 
Posts: 13408 | Location: In the gilded cage | Registered: December 09, 2007
Political Cynic
Picture of nhtagmember
the phone isn't worth $3000

it's barely worth $500, paid for over 36 or 60 months so I see the cost of the electronic phone being irrelevant - the money is in the service plan

the gear is throw-away

get manufacturing back in the hands of Americans

we didn't get to the moon by importing Chinese spacecraft



Against ALL enemies, foreign and DOMESTIC


 
Posts: 54247 | Location: Tucson Arizona | Registered: January 16, 2002
Member
quote:
Originally posted by ScreamingCockatoo:
Can't tell me the engineers at Apple didn't spot this on their board.


Not just spot it on the board, like it was sitting there all on its own, but how the hell did it get integrated into the design and functionality of the circuitry, and then folded into the manufacturing process of whatever it was mounted on?!

Having worked in the microelectronic manufacturing industry for many years, I know that ic design, board design, board and circuit real estate layout, where every single bit of space on the circuit and the board are maximized for efficiency, are well thought out and planned out over generally a long-ish design and development and manufacturing prove-in period.

Further, much of an ic's coding is proprietary and very complex, making this type of hack very difficult.

If what has happened here is true, I don't think it could have been a 'casual' modification imho, meaning that a lot of resources had to be involved. Maybe it was just the Chicoms, maybe not.

Regardless, it is very unsettling news.
__________
"I'd rather have a bottle in front of me than a frontal lobotomy."
 
Posts: 3673 | Location: Lehigh Valley, PA | Registered: March 27, 2007
10mm is The
Boom of Doom
Picture of Fenris
quote:
Originally posted by konata88:
Perhaps that point will be too late when China turns off our servers and networks and declares war. China is not interested in a happy coexistence. They want global domination.

What about if the Chinese suddenly cause all the "smart" cars to crash? How about in a few years, when there are even more on the roads? With the roads impassable, JIT food deliveries are going to be a problem. People are going to get pretty hungry.

Or what about coding "smart" devices in homes and businesses to overload and start fires in a coordinated attack? It would make the bombing raids on Germany look like a Sunday picnic.

This has long been a huge national security threat. Just because the Chinese haven't pulled the trigger yet, doesn't mean they never will.

I try to keep things as dumb as possible. Not easy.




God Bless and Protect the Once and Future President, Donald John Trump.
 
Posts: 17639 | Location: Northern Virginia | Registered: November 08, 2008
Oh stewardess,
I speak jive.
Picture of 46and2
It's been known for years (10-15, probably more) that one of the biggest and most dangerous threat vectors in the world of cybersecurity of everyday devices and servers alike was in the manufacturing end of microprocessors and other bits, including low level software like BIOS and Firmware and other instructions, all of which lives well below the threshold and knowledge of the average end user, and in many cases would slip past most of the related engineers and programmers except those few whose jobs those sections directly involve, little chips hanging on, or extra lines of code lying dormant...

Plus, there's so much crossover in so many devices that company A (a Phone manufacturer) wouldn't even know what company B (a Bluetooth chip manufacturer the Phone manufacturer uses in their phones) did. The phone manufacturer just buys a shitload of said Bluetooth chips, or whatever, and uses them in their Phone design and accesses them via the published specs and away they go none the wiser. Ain't nobody got time to check everything from the bottom up every time something is designed and made, at least not in today's consumer driven gotta have it consumption culture.

Major shifts would be necessary for meaningful change, huge factories that don't even exist in the US would need to be built, they'd be mega expensive to build, and would take a few years I bet if they started today, and the price of consumer electronics like phones would absolutely increase and they'd increase quite a bit once they have to pay US wages and such to build it all, and that's just phones.

Our own NSA and other alphabet agencies, as well as foreign governments and terrorists alike, have been at it from these perspectives for quite some time (several or more years), and it's not just China either, and the semiconductor manufacturer which might be in China or Taiwan or wherever else may not even be the ones putting the money business in the gear - they're just building what they were asked to build, and there's nothing even remotely approaching a quick, easy, or inexpensive fix that's available to us as an alternative.

There are only so many manufacturing plants in the world that can make some of these core components, and some of the super raw materials (rare earth metals) are only found in usable quantities in a few places like China, and everyone in every industry (more or less) uses the same bits (transistors, capacitors, resistors, GPUs, SATA controllers, CPUs, and more) as everyone else, from the same handful of sources.

We're in for an uphill battle, for sure.
 
Posts: 25613 | Registered: March 12, 2004
women dug his snuff
and his gallant stroll
quote:
Originally posted by RichardC:
"Two of Elemental’s biggest early clients were the Mormon church, which used the technology to beam sermons to congregations around the world, and the adult film industry, which did not."

Droll, very droll. Smile

Literally the best sentence in the story! Big Grin
 
Posts: 10838 | Registered: August 12, 2002
goodheart
Picture of sjtill
Gentlemen, I'm impressed that so many of you have read the article, and even more impressed that our local experts have made insightful comments on it.
I thank you.


_________________________
“Remember, remember the fifth of November!”
 
Posts: 18801 | Location: One hop from Paradise | Registered: July 27, 2004
Member
I don't believe the article is completely accurate.

AWS response:

https://aws.amazon.com/blogs/s...s-erroneous-article/

Setting the Record Straight on Bloomberg BusinessWeek’s Erroneous Article
by Stephen Schmidt | on 04 OCT 2018 | in News, Security, Security, Identity, & Compliance
Today, Bloomberg BusinessWeek published a story claiming that AWS was aware of modified hardware or malicious chips in SuperMicro motherboards in Elemental Media’s hardware at the time Amazon acquired Elemental in 2015, and that Amazon was aware of modified hardware or chips in AWS’s China Region.

As we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is untrue. At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government.

There are so many inaccuracies in this article as it relates to Amazon that they’re hard to count. We will name only a few of them here. First, when Amazon was considering acquiring Elemental, we did a lot of due diligence with our own security team, and also commissioned a single external security company to do a security assessment for us as well. That report did not identify any issues with modified chips or hardware. As is typical with most of these audits, it offered some recommended areas to remediate, and we fixed all critical issues before the acquisition closed. This was the sole external security report commissioned. Bloomberg has admittedly never seen our commissioned security report nor any other (and refused to share any details of any purported other report with us).

The article also claims that after learning of hardware modifications and malicious chips in Elemental servers, we conducted a network-wide audit of SuperMicro motherboards and discovered the malicious chips in a Beijing data center. This claim is similarly untrue. The first and most obvious reason is that we never found modified hardware or malicious chips in Elemental servers. Aside from that, we never found modified hardware or malicious chips in servers in any of our data centers. And, this notion that we sold off the hardware and datacenter in China to our partner Sinnet because we wanted to rid ourselves of SuperMicro servers is absurd. Sinnet had been running these data centers since we launched in China, they owned these data centers from the start, and the hardware we “sold” to them was a transfer-of-assets agreement mandated by new China regulations for non-Chinese cloud providers to continue to operate in China.

Amazon employs stringent security standards across our supply chain – investigating all hardware and software prior to going into production and performing regular security audits internally and with our supply chain partners. We further strengthen our security posture by implementing our own hardware designs for critical components such as processors, servers, storage systems, and networking equipment.

Security will always be our top priority. AWS is trusted by many of the world’s most risk-sensitive organizations precisely because we have demonstrated this unwavering commitment to putting their security above all else. We are constantly vigilant about potential threats to our customers, and we take swift and decisive action to address them whenever they are identified.

– Steve Schmidt, Chief Information Security Officer
 
Posts: 1188 | Registered: January 04, 2009
To all of you who are serving or have served our country, Thank You
Picture of Jelly
quote:
Originally posted by matai:
I don't believe the article is completely accurate.


Neither do I. Bloomberg is full of shit most of the time. All anonymous sources. Show me some proof. There are some people in Silicon Valley and elsewhere around the US that live and breathe this stuff. They are on a different level than many people and they will find an abnormality in a chip or board does not matter if it's there.

https://finance.yahoo.com/news...eport-110439954.html
 
Posts: 2681 | Registered: March 15, 2004
Big Stack
quote:
Originally posted by Gustofer:
quote:
Originally posted by jhe888:
quote:
Originally posted by Gustofer:
quote:
Originally posted by markand:
Upon reflection, I didn't go far enough in my earlier post. If we stop importing Chinese products, not only will we have no electronics, we'll soon have no cars, appliances, and no tools to assemble and service cars and appliances. Certain foods will disappear from store shelves and our clothing choices will drastically diminish while prices for what few things are available will skyrocket. We'll have wood, but few tools to work it and few fasteners to hold it together. Not happy about that state of affairs at all, but I think we're going to have to figure out how to make it work. Not bugging everything they sell us would be a good start.
Think of all of the jobs we'd create here if we started doing all of this for ourselves again. If memory serves, prior to the 70s we were doing just fine without China's assistance in building/making everything we own.


And your I-widgets would all cost some multiple of what they cost now. I don't think Americans will sit still for $3000 phones.

The market would figure it out. It has a way of doing that somehow.


It did. It sent manufacturing to China.

If China isn't available, it will find some other shithole where people will work for pennies. Alternatively, they'll eliminate people from the production process.
 
Posts: 21240 | Registered: November 05, 2003
Oh stewardess,
I speak jive.
Picture of 46and2
I did some consulting work at a semiconductor factory in Japan, one of only three such factories in the world who can run 300mm wafers through their process (the bigger the wafer the bigger the blank-slate the more different things can be run through at once...), with 300mm silicon wafers being the biggest anyone could do at the time. They come in giant sticks / rods of silicon, like a giant stack of CDs but all one piece, then a slice is taken off like a single CD, and off it goes, a sort of batch processing method.

On any given 300mm wafer (like a giant CD, which is eventually split up into many different circuit boards later) there might be 10 TV remotes, 4 phones, 1 video card, and all manner of combinations for different companies, none of whom own or operate the factory, and in this factory (a big office building and a giant clean room with a mix of people and robots and stuff) there are something like 700 different processes on the production line, and each process can take big giant machines that cost $1 million or more each, some doing toxic nasty stuff inside sealed inner sections, and more. Much of which is way outside my areas of expertise. I worked on the software that controls the robots...

To say it's complicated and nontrivial is a gigantic understatement. And each one of those machines has their own Operators, Technicians, Engineers, etc. I befriended one Technician who lives in England, works for a company based in Berlin, and spends a few months at a time in faraway places like this factory servicing these machines, of which there are many, and many people like this guy.

There are a thousand places to hide nefarious code and nefarious hardware in the world of modern day electronics. Frankly, it's astonishing things are as secure as they are.

We have an enormous task in front of us if we ever want truly secure hardware and software, much less domestically produced stuff. So much of it is based on trust, so much of it isn't open source and can't be independently verified, and there are SO many parts and parties involved, and not that much of consequence and popularity is made here in the US. Our consumer culture and price driven choices have really gotten us into a pickle with it all, and even most government projects are still awarded to the lowest bidder who despite their best efforts might not have been the ones best equipped to do the best job.

If China, Taiwan, Korea, and/or Japan are suddenly unfriendly to us - technology wise - or we suddenly cut off imports from there, we'd have a couple or more hard years at the very least, and tons of things would be more expensive. It'll take an enormous shift to do it ourselves instead. Billions upon billions, for sure.
 
Posts: 25613 | Registered: March 12, 2004
It's not you,
it's me.
Picture of RAMIUS
I wonder how we do it, or what we do similar.

If the Chinese are doing it now, we’ve probably done it for 50 years.
 
Posts: 7016 | Location: Right outside Philly | Registered: September 08, 2005
Coin Sniper
Picture of Rightwire
Well look at that. I said openly starting about 7 years ago about how easy it would be for the Chinese to place chips on mother and comm boards that could send data back on anything processed through the system, no hacking required. Everyone thought I was drifting into the tin foil hat crowd so I just stopped talking about it.

.... I hate being right about stuff like this.




Pronoun: His Royal Highness and benevolent Majesty of all he surveys

343 - Never Forget

It's better to be Pavlov's dog than Schrodinger's cat

There are three types of mistakes; Those you learn from, those you suffer from, and those you don't survive.
 
Posts: 38604 | Location: Above the snow line in Michigan | Registered: May 21, 2004
Member
quote:
Originally posted by wcb6092:
I never did understand the concept of making the largest communist nation on earth powerful. I think Nixon might have screwed up.

The idea was the free-market would topple communism. Clearly the Chi-Coms are a lot smarter than certain leaders thought, not to mention too much accommodation and under-estimating the world scale by successive American administrations.

Three things will need to change to alter China's rise:
- American consumers are going to have to curtail their demand for cheap & available goods
- WTO needs to stop treating China as an emerging, third-world economy and consider the existing import imbalances in China
- South American and African countries need to wake up and leverage their population bases to compete on the world stage, looking at you Brazil, South Africa and Nigeria.
 
Posts: 15379 | Location: Wine Country | Registered: September 20, 2000
Honky Lips
quote:
Originally posted by sjtill:
Gentlemen, I'm impressed that so many of you have read the article, and even more impressed that our local experts have made insightful comments on it.
I thank you.


Shirley, you jest.
 
Posts: 8274 | Registered: July 24, 2009
Oh stewardess,
I speak jive.
Picture of 46and2
Brazil needs to step up its game, in a dozen ways.
 
Posts: 25613 | Registered: March 12, 2004
© SIGforum 2025