Long-time Slashdot reader Artem S. Tashkinov quotes Wired:
More than a year has passed since Bloomberg Businessweek grabbed the lapels of the cybersecurity world with a bombshell claim: that Supermicro motherboards in servers used by major tech firms, including Apple and Amazon, had been stealthily implanted with a chip the size of a rice grain that allowed Chinese hackers to spy deep into those networks. Apple, Amazon, and Supermicro all vehemently denied the report. The NSA dismissed it as a false alarm. The Defcon hacker conference awarded it two Pwnie Awards, for “most overhyped bug” and “most epic fail.” And no follow-up reporting has yet affirmed its central premise.
But even as the facts of that story remain unconfirmed, the security community has warned that the possibility of the supply chain attacks it describes is all too real. The NSA, after all, has been doing something like it for years, according to the leaks of whistle-blower Edward Snowden. Now researchers have gone further, showing just how easily and cheaply a tiny, tough-to-detect spy chip could be planted in a company’s hardware supply chain. And one of them has demonstrated that it doesn’t even require a state-sponsored spy agency to pull it off — just a motivated hardware hacker with the right access and as little as $200 worth of equipment.
Google’s $399 iPhone Killer, A Bold CIA Privacy Move, and More News
What do our readers want?
Garmin Tacx NEO 2T Smart Trainer Review: A Realistic Indoor Bike Ride
Best of 9to5Toys: Black Friday ads, AirPods Pro hit new low, latest iPad Pro up to $719 off, more
With Process Fabric, Pega seeks to weave together enterprise apps
Did nobody tell them about the lockdown? Logitech releases new ‘luggable’ mechanical keyboard for LAN parties
eBay-like auction site created for stolen data
Skipped patch from 2012 makes old Microsoft Office systems a favored target