
>> Since the implants were small, the amount of code they contained was small as well. But they were capable of doing two very important things: telling the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code; and preparing the device’s operating system to accept this new code. The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off. (Source: Bloomberg with emphasis added to highlight key points for discussion)

> That first part starting with “telling the device…” is nonsensical. If you are in the industry or read our Basic BMC and IPMI Management Security Practices piece, you would know that this is false.

This is not a very well-written article. How does this website's "best practices" document refute Bloomberg's story? The obvious problem is that not all organizations follow best practices, including many that you'd assume would, and those that do don't always follow them consistently. More subtly, if the BMC is subverted, you can't rely on it to follow its normal programming or configuration: even if you have a segregated management network with no network access, the subverted BMC isn't required to use it and can use the "shared port" instead.

When you're dealing with subverted hardware or software, you have to throw out most of your assumptions about how those things work that were formed in normal cases. It's clear that the authors of this article did not do that.
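As an added example (not from the thread or the article it discusses) of treating a BMC's self-report as a claim to verify rather than as truth: the script below parses a constructed `ipmitool lan print` sample for the MAC and IP the BMC claims, then checks constructed switch flow records for that MAC appearing outside the management VLAN, which is what shared-port use by the BMC would look like from the network side. All addresses, VLAN numbers and flow records are constructed.

```python
# Added example: cross-check what the BMC says about itself against
# out-of-band network observations. A subverted BMC can ignore its
# "dedicated NIC" setting and use the host's shared port, so the BMC's own
# answer is only a starting point; the switch/flow data is the evidence.
import re
from dataclasses import dataclass

# Constructed sample of `ipmitool lan print` output (not from a real host).
IPMI_LAN_PRINT = """\
IP Address Source       : Static Address
IP Address              : 10.99.0.17
Subnet Mask             : 255.255.255.0
MAC Address             : 0c:c4:7a:aa:bb:cc
Default Gateway IP      : 10.99.0.1
"""


@dataclass(frozen=True)
class Flow:
    src_mac: str
    src_ip: str
    dst_ip: str
    dst_port: int
    vlan: int


# Constructed flow observations. VLAN 99 is the management VLAN, VLAN 10 is
# the production data VLAN the host OS uses. The BMC normally has its own MAC
# even when sharing the host's physical port, which is what we key on.
OBSERVED_FLOWS = [
    Flow("0c:c4:7a:11:22:33", "10.1.10.50", "10.1.10.7", 443, vlan=10),    # host OS, normal
    Flow("0c:c4:7a:aa:bb:cc", "10.99.0.17", "10.99.0.5", 623, vlan=99),    # BMC on mgmt VLAN, expected
    Flow("0c:c4:7a:aa:bb:cc", "10.1.10.200", "203.0.113.9", 443, vlan=10),  # BMC MAC on data VLAN
]


def parse_bmc_identity(lan_print: str) -> tuple[str, str]:
    """Return (mac, ip) the BMC claims for itself in `ipmitool lan print` text."""
    mac = re.search(r"MAC Address\s*:\s*([0-9a-fA-F:]{17})", lan_print)
    ip = re.search(r"^IP Address\s*:\s*([\d.]+)", lan_print, re.M)
    if not mac or not ip:
        raise ValueError("MAC or IP line missing from lan print output")
    return mac.group(1).lower(), ip.group(1)


def find_bmc_on_wrong_network(lan_print: str, flows, mgmt_vlan: int) -> list:
    """Flows where the BMC's MAC shows up outside the management VLAN or with
    an IP the BMC did not claim: evidence of shared-port use to investigate.
    A BMC that also spoofs the host MAC would evade this, so treat it as a
    necessary check, not a sufficient one."""
    mac, claimed_ip = parse_bmc_identity(lan_print)
    return [f for f in flows
            if f.src_mac.lower() == mac
            and (f.vlan != mgmt_vlan or f.src_ip != claimed_ip)]
```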




Exceptional claims require exceptional evidence, and Bloomberg has not provided it.

The article raises a fair number of solid criticisms regarding BCP to eliminate the described vulnerability.



