So, the potential Chinese supply chain attack is still pretty unanswered. I feel like we're playing a really high-stakes game of poker here. We have security researchers such as Schneier, Krebs, Tavis Ormandy, Apple, AWS. Every company, our own government, denial. But Bloomberg is doubling down and says it's true. Now what's at stake here? It's reputation, or the reputation of security researchers and the trust of all these people involved that are denying it. So either AWS and Apple are completely blissfully unaware or are in complete denial about it. We just don't know. And I've had people ask me, because I did post about this before, and this is something I think a lot about when it comes to security, and supply chain is a huge problem when it comes to security. It is the most likely place for these attacks to happen. And I'll leave links to all the things we're going to talk about here below.
But let's start with people getting things wrong, especially well-respected security researchers who have a lot of credibility to market. And that leads me all the way back to badBIOS. This is a few years ago when Dragos Ruiu, I think they say his last name, he's the organizer of Pwn2Own, well-respected security researcher, became convinced there was a persistent threat called badBIOS. BIOSes could talk to each other via a sound transmission. This is almost absurd and turned into a giant hoopla back then, just like this did, of what do you mean my system can be hacked when it's air-gapped, like it's just sitting here. And a sound of ultrasonic nature can be sent to it beyond my range of hearing, cutting through interference and being able to do this. The good news is security researchers went to work on this concept. It is wildly crazy, but turned out to be plausible. And I say plausible because let's break something down real quick.
Provided the people involved in, let's say, they could create this badBIOS theory and they were able to somehow use the PC speaker to send BIOS information across. So you need a transmit system, you need a listening system, which most computers do have, a microphone and speaker attached that the BIOS could access, provided it could somehow fit the drivers in here and everything else. And then we have to have another one that's also infected waiting for the next part of the control to come to it, which by the way, BIOSes by default don't listen to speakers. But then someone did a whole paper on it and calculated, OK, how much could that transfer be? And we calculated, OK, let's say a six megabyte BIOS, 20 bits a second was the max transfer rate, ideal conditions, means it would take about 27 days of these two systems sitting next to each other, cutting through interference in an ideal situation, to get the data from one BIOS to another. So you're back to plausible, and we all went to sleep on this and we realized BIOSes are still a potential for attack.
It prompted a lot of security researchers, a lot of articles, but the reality is no one ever proved that this was absolutely possible or that it was occurring. And it's been five years. And I don't know if this took a notch off Dragos's credibility, but he hasn't really talked any more about it, like, and say, I found it. I proved it. Let me show you these companies are doing it. It just became a plausible idea, versus his original claim was it's real. It happened in my lab. So you can see how these things have happened before. It makes us look deeper, which I think is usually important in security. But they're not always plausible. And that's kind of how I'm starting to feel with this whole thing here. So I've read through Brian Krebs, his whole breakdown of it. And I've read through Bruce Schneier's breakdown of it.
And we've at least had an update from one of the sources that they mentioned where they said Apple removed servers because of a problem. And there's an update on this article that I referenced before. And it says a source familiar at Apple told Ars that a compromised firmware affected servers in Apple's design lab, not an active series service. The firmware, according to the source, was downloaded directly from Supermicro's support site, and the firmware is still hosted there. So there's a problem with the firmware. This is different than that. Now, is this an attack on there? Maybe someone goes, well, you need the updated firmware. And that's what activates this as a BIOS update. We just don't know. But it just seems more and more implausible.
Tavis Ormandy, I've been following him for a long time. He's an amazing security researcher at Project Zero, has had a ton of really deep technical security flaws that he's found and properly does it. And he's tweeting that he doesn't think it's real. It's one of those, we're going to have to lay the cards down. And we've got an Apple insider who says nobody internally knows what's going on with the Bloomberg hack story. It just seems like if this was a real thing, someone would step forward. Someone's been sitting on this information, waiting, you tell. And Bloomberg gathered up the research. Now, Bloomberg is a big news organization. So their credibility is on the line. Their basis for this is pretty incredible, but they're going to have to show their cards. You can't just say anonymous sources. This isn't how security works. When people like Tavis, who's a white hat hacker for Project Zero, find something, it goes through a disclosure method and we discuss it. Everyone scrutinized badBIOS until we kind of realized it wasn't quite the thing we thought it was.
So there's a lot going on here. And I think part of the other side of it is we've seen Supermicro stock take a big hit. And I don't know if this is related at all.
This is just Bloomberg reporting on the markets, but it is interesting. Everyone's fleeing China stock is for understump 1.4 billion. So there's also the stock angle to this. Do these people have some vested stock in this whole thing? Were they perhaps short selling? I don't know. A lot of times, follow the money. Is it journalism here or is there something else at play? And I don't like to sound conspiracy theorist at all. But it's just so interesting to me that Bloomberg has this bombshell of an article. They're doubling down on it. The denials are all the way around. So either we have some giant conspiracy, but even general security researchers that are not, you know, tinfoil hat in terms of the way they look at things, like Bruce Schneier, like he's very conscious of security, talks about some of the problems related to this. But the other side of it is everyone is just saying, OK, it's plausible, but you're going to have to show some proof. And I think there's good coming out of it that it's plausible.
Do I think you should rip out every Supermicro server you have? This is the other confusing part. I'm not sure which servers were affected. If I'm to believe the illustrations on the Bloomberg article, it looks like it was some of the blade servers. I am not 100% sure. And I wish they listed which models. I wish they listed something because, let's tell you, this is from a few years ago, which means these servers have been probably changed out or are on the open market and we can get ahold of them. Let us at least know the server numbers so you don't even have to tell us the anonymous sources. Just tell us where to look and people will look, and I don't understand why they're not doing that. You drop us where to look. You'll find security researchers de-soldering, decoupling, and removing all the components piece by piece and examining needs. Once we get that information, just throw it into general public like that. That's generally what a news article can do.
You don't have to reveal your sources because they want to remain anonymous for reasons they have, which may be very valid because there's a lot at stake here, but please let us know the motherboard model. And if you're not going to, you're going to fold your deck. You're going to say, well, we just published a story, but we can't provide any evidence. Providing the motherboard model would not compromise these people's identity. It would actually validate the claim. I don't know. Let's show your cards is kind of what I'm feeling here. It makes me feel more and more that this is just an implausible idea and a really big hit piece, but I don't know. We've got to see something here. It's really interesting, but hopefully we will get some more auditing of the supply chain because that's ultimately what I think we're going to get out of this. I'm not feeling it as much as I did when I first read the article because, well, no evidence has come forward. Give me a few days. Throw me some evidence. Throw something out here, and they haven't so far.
All right. Thanks. I'll keep you updated. I'll be doing this as more of this information comes out. So it's pretty deep and fascinating. Thanks for watching. If you like this video, go ahead and click the thumbs up. Leave us some feedback below to let us know any details which you like and didn't like as well because we love hearing feedback. Or if you just want to say thanks, leave a comment. If you want to be notified of new videos as they come out, go ahead and subscribe and hit the bell icon that lets YouTube know that you're interested in notifications. Hopefully they send them, as we've learned with YouTube. Anyways, if you want to contract us for consulting services, you go ahead and hit launch systems.com. And you can reach out to us for all the projects that we can do and help you. We work with a lot of small businesses, IT companies, even some large companies.