 So, this Bloomberg article is interesting and it brings up a lot of thoughts about the hardware that we use, how it's manufactured, how it's validated, and what else could be there that we are unaware of. And I was really shocked when I seen it. Bloomberg is a generally reputable place, but they're not a technical reporting agency. But I think there's some reasons they did this. My guess would be they had some information and the best way to get us all talking about it is to throw it out there. Now, I'm not saying the information isn't true. I'm saying it lacks a lot of details, but points in some directions of where we can look. So, if you're not familiar with the article in brief, it talks about super micro and the fact that chips were added to the super micro that are potentially a backdoor. Now, how would this work? Speculatively, because we're light on details here, these chips would attach to the network and have something that would trigger them to do something with the system. So, if you wipe a system clean, it's nice. It works. You're like, okay, I've certified this system good. And there's some triggering event that this little chip allegedly could potentially push firmware into a clean system to compromise it. That's a complicated, but not impossible task. And Derrick also sells quite long and they cover the technical details of theories, information about the companies, citing a lot of links. And we can also talk about some of the denials and, you know, Apple deleted service supplier after finding infected firmware and service. So, this is actually older from 224, 17 hours technical, and I'll leave links to all these, of course, below. But it is plausible is what I would actually say this is. I don't know that this is actually what happened without the details. It's hard to really make some really solid conclusions on this. But what it has done is there's a lot of people double checking things, and I think that's good. We've got a lot more people looking at things at the supply chain, which is, of course, one of the attack factors they use. It's referred to as a supply chain attack, but somewhere, you know, from the point of manufacture to going to a client, the system was compromised. And this is something that is very serious. We see this attack in software industries as well, because if they can get a popular product, and this has happened before, to add something in because they compromised the compiling machine for it, no one at the company is the wiser and something can get slipped in. Now, a couple things if you want to hear some breakdowns of this I thought were interesting is Security Now, episode 563, IOT Infancy Part 2. They talk about this, and this is a actually University of Michigan study called the demonically clever backdoor to hide in a tiny, tiny slice of computer chip. And these are some write-ups of what they refer to as analog attacks, ways of embedding things and activating them later. So this is interesting, and no, this didn't come out after. This is from a few years ago when these people put together some theories on it. And to do a little further reading is you can dig into JTAG explain how IOT security and engineers and manufacturers should care. This is also from 2016 because there's a series of JTAGs that were reverse engineered, and it's an interface for a lot of these IOT devices. They actually have a router take apart here and showing how you can get in with only a couple pins connected and finding all kinds of undocumented things. This has been a talk at different hacker conferences and things like that as well. There's a lot of plausible things here. A lot of them have been reproduced in a lab, have been not found in a while, but say, hey, we can take something apart and do this. And of course, it's been used to reverse engineer things, and they talk about that here. So sometimes the JTAG has been used as a reverse engineering tool for popular products because we want to unlock things inside of them and generally hacking them. Now, this is the blog I think you should probably read. CINRIO, I'm not sure how to say that. They are a company that teaches some of the back doors, some of the hacking. They have a lot of breakdowns. They have an entire class on this. And they did a breakdown and write up that I thought was really accurate if you want more technical details. But once again, Bloomberg didn't give us technical details. So we're stacking out all the information for things we've seen before on the plausibility of this attack and could it really happen? So it's really fascinating to think that something like one of these system on a chip can contain many chips inside of it. So there's one method, but the way that is refuted is you would take these chips and they have a spec. And if you are at the level that Amazon is at the level of Microsoft or any of these large data center companies, they work with the engineers. And they go, okay, what does the design of that board? What do these chips do? And then someone could take sample boards and validate it. And my understanding is that is what they're implying happen is through the validation they found an undocumented extra chip. And we don't know until some reverse engineering is done of what these chips do if these chips have been provided to security researchers. But it's also a really touchy subject and all these companies are definitely going to go start with the deny first. And this is partly because of the way they layer security. So there's a lot of factors involved. One of them is the way the cloud works is based on trust. We trust that if I put my stuff in one of the cloud servers, Amazon, Azure, whichever one that it stays contained securely within that cloud server that Amazon themselves does not have access to it or will not access my documents and so on and so forth. The minute that trust violation is broken, people will simply move to a company they do think they trust and the cloud isn't going anywhere and people screaming self host. There's things that you just, it's not reasonable to self host things at scale and the scale of size that you may want to run something in, you know, an Amazon type server. You may not be able to try to run that inside of your own office. It just, like I said, is not feasible. So we have to have some trust going on. And these companies also don't want to give the hackers an edge. And I brought this up before. The eye Dracula vulnerability impacts millions of legacy EMC servers. And what this is why companies don't talk necessarily about the hardware they use. Let me explain. If you find a vulnerability such as this one here, which I found interesting. I can leave a link to this too. You now know there's this flaw in these particular servers. If the companies had also announced in some blog post or filing it, hey, we bought a bunch of EMC servers several years go by. You will assume those EMC servers are still there. Now, if you find some infiltration into one of these said companies, you have a piece of information about them and you can skip a lot of the other attacks. You can go right for, hey, I know this attack. I know the company announced and verified what servers they're using. I know these two things can go together. So this is why companies from a security standpoint don't disclose things. It's not just to, you know, keep you in the dark about how they operate or prices they paid for things. But it's also by not very validating which boards are using. They eliminate another edge. So if someone were to get in their data center, they're still going to have to try lots of different things. And those things could get triggered by the tools they have that watch what's going on in a data center. They have all kinds of monitoring tools that look for activity. And if you're a hacker that's inside the data center, you're trying away at lots of different options. And the first one doesn't work. Your possibility of getting noticed goes up and up as you try different things. So that being said, you have to make sure that you come in and you're concise. If you don't know what hardware they're using, harder to be concise. If you're aware of these super microchips, you know, let's say this is happening and it says true. Then you know which companies have these super microboards. And you go, I've already established a beachhead within their network, but I haven't figured out what attack to deploy. Because once you deploy the attack, you're going to be discovered unless the attack works the first try. Well, you just got that information. So this is, you're going to get denials, whether it's true or not. That's just the fact of it. It doesn't mean it's conspiracy. It's just the way this works. This article breaks down. So a little bit more technical details than I covered in here, but I'll leave you links here. I don't know if this is true or not. I do know lots of people taking and looking at the boards and digging deeper is a good thing. Because this attack is only going to get more sophisticated and it's been plausible. It's been proven. So to speak in a lab that we can do things like this, whether or not this is really going to happen. I don't know, but stay out there, stay concerned. And, you know, interesting about this whole thing, we're going to see how it develops. And I'm going to wait for some security researchers who do start turning these apart and see if they find something. They're all looking. A lot of people got the microscope out and they're digging around on the boards. So if something's out there, we're very likely to find it now. Anyways, if you want to contract us for consulting services, you go ahead and hit LawrenceSystems.com and you can reach out to us for all the projects that we can do and help you. We work with a lot of small businesses, IT companies, even some large companies, and you can farm different work out to us or just hire us as a consultant to help design your network. Also, if you want to help the channel in other ways, we have a Patreon. We have affiliate links. You'll find them in the description. You'll also find recommendations to other affiliate links and things you can sign up for on LawrenceSystems.com. Once again, thanks for watching and I'll see you in the next video.