[Script Info] Title: [Events] Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text Dialogue: 0,0:00:00.00,0:00:19.76,Default,,0000,0000,0000,,{\i1}35c3 prerol music{\i0} Dialogue: 0,0:00:19.76,0:00:26.63,Default,,0000,0000,0000,,Herald: So Trammell Hudson, who is\Nstanding here, he's taking things apart. Dialogue: 0,0:00:26.63,0:00:34.37,Default,,0000,0000,0000,,Don't worry not life on stage, but he will\Ngive us a proof of concept and some Dialogue: 0,0:00:34.37,0:00:39.56,Default,,0000,0000,0000,,details and functionalities about hardware\Nimplants. So the same things that we heard Dialogue: 0,0:00:39.56,0:00:45.48,Default,,0000,0000,0000,,from Bloomberg article talking about Apple\Nand super microcomputers with implants Dialogue: 0,0:00:45.48,0:00:52.88,Default,,0000,0000,0000,,that, yeah, were implanted into those,\Ninto those computers. And I'm really Dialogue: 0,0:00:52.88,0:00:57.68,Default,,0000,0000,0000,,excited to see this in action. Please give\Na warm round of applause to Trammel Dialogue: 0,0:00:57.68,0:01:02.59,Default,,0000,0000,0000,,Hudson! Dialogue: 0,0:01:02.59,0:01:07.51,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:01:07.51,0:01:11.60,Default,,0000,0000,0000,,Trammell: Before we begin talking about\Nhardware implants just two quick Dialogue: 0,0:01:11.60,0:01:16.31,Default,,0000,0000,0000,,disclaimers. The first from my employer\NTwo Sigma investments as it says are Dialogue: 0,0:01:16.31,0:01:21.91,Default,,0000,0000,0000,,chocolate bars. This is not investment\Nadvice. And secondly I don't actually know Dialogue: 0,0:01:21.91,0:01:26.92,Default,,0000,0000,0000,,what the story is behind the super micro\Nstory. No one outside of Bloomberg and Dialogue: 0,0:01:26.92,0:01:32.45,Default,,0000,0000,0000,,their sources do. 
But I have spent a lot\Nof time thinking about hardware implants Dialogue: 0,0:01:32.45,0:01:38.20,Default,,0000,0000,0000,,starting with the thunderstrike firmware\Nattack against mac books as well as the Dialogue: 0,0:01:38.20,0:01:45.42,Default,,0000,0000,0000,,thunderstrike 2 where we were able to get\Nsoftware to write into the firmware on the Dialogue: 0,0:01:45.42,0:01:50.56,Default,,0000,0000,0000,,mac books. I've also been thinking a lot\Nabout how to defend against hardware Dialogue: 0,0:01:50.56,0:01:54.42,Default,,0000,0000,0000,,implants with things like the heads\Nfirmware for slightly more secure laptops Dialogue: 0,0:01:54.42,0:01:59.42,Default,,0000,0000,0000,,and also as part of my co-lead on the\NLinux boot project. We're thinking about Dialogue: 0,0:01:59.42,0:02:10.08,Default,,0000,0000,0000,,how to protect servers from physical and\Nsoftware attacks. So with all of this Dialogue: 0,0:02:10.08,0:02:14.91,Default,,0000,0000,0000,,concentrated thinking about firmware and\Nhardware attacks, I was really excited Dialogue: 0,0:02:14.91,0:02:20.72,Default,,0000,0000,0000,,when I saw the Bloomberg story back in\NOctober. But what really intrigued me was Dialogue: 0,0:02:20.72,0:02:26.44,Default,,0000,0000,0000,,the animated image that they had at the\Nheader that highlighted one small part of Dialogue: 0,0:02:26.44,0:02:32.92,Default,,0000,0000,0000,,the board as where the implant was, but\Nwhat I found really interesting is that is Dialogue: 0,0:02:32.92,0:02:40.25,Default,,0000,0000,0000,,exactly where I would install a hardware\Nimplant as they described on the SPI bus. Dialogue: 0,0:02:40.25,0:02:44.61,Default,,0000,0000,0000,,A lot of other people in the hardware and\Nfrom our security community thought it Dialogue: 0,0:02:44.61,0:02:50.14,Default,,0000,0000,0000,,sounded plausible. 
Other people pointed\Nout that supply chain attacks come up Dialogue: 0,0:02:50.14,0:02:56.07,Default,,0000,0000,0000,,periodically and they are definitely a\Nconcern. Some people thought the attack as Dialogue: 0,0:02:56.07,0:03:03.32,Default,,0000,0000,0000,,described was entirely implausible and in\Ngeneral we sort of had a Whiskey Tango Dialogue: 0,0:03:03.32,0:03:08.16,Default,,0000,0000,0000,,Foxtrot moment as everybody scrambled to\Nfigure out what's going on inside their Dialogue: 0,0:03:08.16,0:03:14.54,Default,,0000,0000,0000,,machines. So, let's step back very quickly\Nand review what the key claims that Dialogue: 0,0:03:14.54,0:03:22.34,Default,,0000,0000,0000,,Bloomberg alleged happened. First they\Nsaid that Amazon's testers found a tiny Dialogue: 0,0:03:22.34,0:03:27.25,Default,,0000,0000,0000,,microchip that wasn't part of the board's\Noriginal design that had been disguised to Dialogue: 0,0:03:27.25,0:03:33.35,Default,,0000,0000,0000,,look like a signaling condition signal\Ncondition coupler and that these illicit Dialogue: 0,0:03:33.35,0:03:39.79,Default,,0000,0000,0000,,chips were connected to the baseboard\Nmanagement controller or the BMC which Dialogue: 0,0:03:39.79,0:03:44.21,Default,,0000,0000,0000,,gave them access to machines that were\Nturned off. That might sound kind of Dialogue: 0,0:03:44.21,0:03:49.87,Default,,0000,0000,0000,,extreme, but that's actually what the role\Nof the BMC is, that in most servers the Dialogue: 0,0:03:49.87,0:03:55.28,Default,,0000,0000,0000,,BMC is running any time the machine is\Nhooked up to power and it's connected to Dialogue: 0,0:03:55.28,0:04:01.91,Default,,0000,0000,0000,,the power supplies so that it can turn the\Nmachine on and turn it off. 
Frequently you Dialogue: 0,0:04:01.91,0:04:06.78,Default,,0000,0000,0000,,want to be able to do this over a network\Nso it has its own dedicated LAN port but Dialogue: 0,0:04:06.78,0:04:14.18,Default,,0000,0000,0000,,it can also share the LAN port with the\Nwith the main system. Serial over LAN is a Dialogue: 0,0:04:14.18,0:04:19.18,Default,,0000,0000,0000,,really useful way to debug the systems so\Nit provides that functionality. It can Dialogue: 0,0:04:19.18,0:04:27.35,Default,,0000,0000,0000,,also provide fake USB volumes to allow to\Nto do unintended OS installation. A lot of Dialogue: 0,0:04:27.35,0:04:33.43,Default,,0000,0000,0000,,sites also won't remote KVM so it has VGA\Nbut that VGA support means that it's on Dialogue: 0,0:04:33.43,0:04:40.37,Default,,0000,0000,0000,,the PCIe BUS and because some PCIe it can\Ndo DMA into main memory. It also is Dialogue: 0,0:04:40.37,0:04:47.00,Default,,0000,0000,0000,,typically muxed into the SPI flash for\Nthe host firmware, which allows it to Dialogue: 0,0:04:47.00,0:04:51.82,Default,,0000,0000,0000,,modify it and on some systems it's even\Nconnected to the TPM which allows it to Dialogue: 0,0:04:51.82,0:04:59.93,Default,,0000,0000,0000,,circumvent the corporate of trust. So with\Nall of this capability inside this chip Dialogue: 0,0:04:59.93,0:05:06.92,Default,,0000,0000,0000,,it's really unfortunate that they are\Nreally not well put together. The head of Dialogue: 0,0:05:06.92,0:05:11.15,Default,,0000,0000,0000,,Azure security says they have no\Nprotection against attacks. There's no Dialogue: 0,0:05:11.15,0:05:15.53,Default,,0000,0000,0000,,ability to detect if an attack has\Nhappened and there's no ability to recover Dialogue: 0,0:05:15.53,0:05:22.45,Default,,0000,0000,0000,,from an attack. So having a hardware\Nimplant on the BMC is a really big Dialogue: 0,0:05:22.45,0:05:32.03,Default,,0000,0000,0000,,concern. 
The other claim in the article is\Nthat it affected 30 different companies Dialogue: 0,0:05:32.03,0:05:39.93,Default,,0000,0000,0000,,including Apple and Bloomberg alleges that\NApple found malicious chips independently Dialogue: 0,0:05:39.93,0:05:44.98,Default,,0000,0000,0000,,on their super micro boards. Went to the\NFBI about it and that they then severed Dialogue: 0,0:05:44.98,0:05:52.10,Default,,0000,0000,0000,,ties with Super Micro. This particular\Nclaim was interesting because it Dialogue: 0,0:05:52.10,0:05:57.57,Default,,0000,0000,0000,,corroborated a story that had shown up\Nback in early 2017 that Apple had removed Dialogue: 0,0:05:57.57,0:06:03.05,Default,,0000,0000,0000,,Super Micro from their data centers. Apple\Ndenied that there was a firmware issue. Dialogue: 0,0:06:03.05,0:06:10.19,Default,,0000,0000,0000,,But it's interesting that perhaps these\Ntwo were related. The third set of claims Dialogue: 0,0:06:10.19,0:06:16.09,Default,,0000,0000,0000,,is that on some of these implants they\Nwere actually put between the layers on Dialogue: 0,0:06:16.09,0:06:23.21,Default,,0000,0000,0000,,the PCB and then the most explosive claim\Nis that this was done by operatives from Dialogue: 0,0:06:23.21,0:06:33.58,Default,,0000,0000,0000,,China, the Chinese People's Liberation\NArmy. 
With a story with this you know this Dialogue: 0,0:06:33.58,0:06:39.39,Default,,0000,0000,0000,,many claims and this significant of\Nallegations we'd hoped that it would be Dialogue: 0,0:06:39.39,0:06:45.43,Default,,0000,0000,0000,,really well sourced and for a normal story\N17 independent sources that Bloomberg Dialogue: 0,0:06:45.43,0:06:52.49,Default,,0000,0000,0000,,editors agreed to grant anonymity to,\Nincluding six national security, two Dialogue: 0,0:06:52.49,0:06:57.34,Default,,0000,0000,0000,,people inside of AWS and three senior\Ninsiders at Apple seems like pretty solid Dialogue: 0,0:06:57.34,0:07:03.11,Default,,0000,0000,0000,,sourcing, except as soon as this article\Nis published everyone denied it. The Dialogue: 0,0:07:03.11,0:07:09.08,Default,,0000,0000,0000,,Director of National Intelligence said\Nthey'd seen no evidence of this. Amazon Dialogue: 0,0:07:09.08,0:07:13.99,Default,,0000,0000,0000,,said that they've never found any issues\Nof modified hardware nor have they been Dialogue: 0,0:07:13.99,0:07:21.00,Default,,0000,0000,0000,,engaged with the government over it. Apple\Nwas even more blunt. CEO Tim Cook said Dialogue: 0,0:07:21.00,0:07:27.59,Default,,0000,0000,0000,,this did not happen. There is no truth to\Nthis. And Super Micro wrote a fairly Dialogue: 0,0:07:27.59,0:07:32.15,Default,,0000,0000,0000,,lengthy letter about what they do to\Nprotect their supply chain and why they Dialogue: 0,0:07:32.15,0:07:38.99,Default,,0000,0000,0000,,think this attack did not happen. And it\Nis worth going through to look at some of Dialogue: 0,0:07:38.99,0:07:44.88,Default,,0000,0000,0000,,the things that they say that they do to\Nprotect their supply chain. They point out Dialogue: 0,0:07:44.88,0:07:50.70,Default,,0000,0000,0000,,that if there's any unauthorized physical\Nalterations during the manufacturing Dialogue: 0,0:07:50.70,0:07:56.95,Default,,0000,0000,0000,,process other design elements would not\Nmatch and those things would be detected. 
Dialogue: 0,0:07:56.95,0:08:03.30,Default,,0000,0000,0000,,To sort of understand how circuit boards\Nare made, I recently visited a PCB factory Dialogue: 0,0:08:03.30,0:08:11.08,Default,,0000,0000,0000,,in Guangzhou. This is not a super micro\Nfactory. This is just a holiday photos. So Dialogue: 0,0:08:11.08,0:08:16.76,Default,,0000,0000,0000,,in order to add new vias they would have\Nto modify the drill files which would then Dialogue: 0,0:08:16.76,0:08:22.05,Default,,0000,0000,0000,,get electroplated. If they had to add new\Ntraces, they would have to be able to Dialogue: 0,0:08:22.05,0:08:29.40,Default,,0000,0000,0000,,subvert the masking and etching process\Nand any changes to either the drills or Dialogue: 0,0:08:29.40,0:08:34.91,Default,,0000,0000,0000,,the etching on individual layers would be\Ncaught by the optical inspection that's Dialogue: 0,0:08:34.91,0:08:41.48,Default,,0000,0000,0000,,done on these bare circuit boards.\NAdditionally the allegation that things Dialogue: 0,0:08:41.48,0:08:47.11,Default,,0000,0000,0000,,were inserted between circuit boards would\Nrequire that the lamination process be Dialogue: 0,0:08:47.11,0:08:55.33,Default,,0000,0000,0000,,subverted and that the implant somehow\Naligned into the system. If that implant Dialogue: 0,0:08:55.33,0:09:00.41,Default,,0000,0000,0000,,changes any of the connectivity the flying\Nprotesters would pick it up or the bed of Dialogue: 0,0:09:00.41,0:09:05.98,Default,,0000,0000,0000,,nails testers which checks all of the\Nconnectivity of all the traces to make Dialogue: 0,0:09:05.98,0:09:09.30,Default,,0000,0000,0000,,sure that there are no shorts and to make\Nsure that everything that is supposed to Dialogue: 0,0:09:09.30,0:09:16.68,Default,,0000,0000,0000,,be connected is electrically conductive.\NSo it would be very difficult to Dialogue: 0,0:09:16.68,0:09:22.11,Default,,0000,0000,0000,,circumvent the production process at this\Nstage. 
And it also would be very difficult Dialogue: 0,0:09:22.11,0:09:27.71,Default,,0000,0000,0000,,to contain because the PCB factory doesn't\Nknow which customers are going to receive Dialogue: 0,0:09:27.71,0:09:34.47,Default,,0000,0000,0000,,those circuit boards. Super Micro also\Npoints out that during the assembly Dialogue: 0,0:09:34.47,0:09:40.48,Default,,0000,0000,0000,,process when the parts are installed they\Nhave their employees on site the whole Dialogue: 0,0:09:40.48,0:09:47.56,Default,,0000,0000,0000,,time. On my same holiday trip I also\Nvisited some PCB assembly companies and Dialogue: 0,0:09:47.56,0:09:53.59,Default,,0000,0000,0000,,spoke with companies that are using doing\Ncontract manufacturing and they said that Dialogue: 0,0:09:53.59,0:09:59.09,Default,,0000,0000,0000,,they also send their employees to the\Nproduction line to observe the pick and Dialogue: 0,0:09:59.09,0:10:05.60,Default,,0000,0000,0000,,place machines and the reflow and the rest\Nof the surface mount assembly. Their big Dialogue: 0,0:10:05.60,0:10:10.09,Default,,0000,0000,0000,,concern is that if they don't have someone\Nthere the parts that are fed in the pick Dialogue: 0,0:10:10.09,0:10:17.66,Default,,0000,0000,0000,,in place will be replaced with either\Ncounterfeits or with salvaged parts. I Dialogue: 0,0:10:17.66,0:10:23.46,Default,,0000,0000,0000,,visited the electronics market in ???????\Nbay where there are people desoldering Dialogue: 0,0:10:23.46,0:10:29.19,Default,,0000,0000,0000,,e-waste and then sorting the parts into\Nbins and selling these salvaged components Dialogue: 0,0:10:29.19,0:10:34.59,Default,,0000,0000,0000,,by the kilo and for a few extra renminbi\Nthey'll put them on rails for you so that Dialogue: 0,0:10:34.59,0:10:41.66,Default,,0000,0000,0000,,you can save a few pennies on your\Nproduction process. 
The other concern that Dialogue: 0,0:10:41.66,0:10:46.49,Default,,0000,0000,0000,,these companies have, is not just salvaged\Nparts but straight up counterfeits. Dialogue: 0,0:10:46.49,0:10:52.44,Default,,0000,0000,0000,,Especially for things that cost more than\Na few dollars each. The Arduino community Dialogue: 0,0:10:52.44,0:10:59.14,Default,,0000,0000,0000,,was hit a few years ago with a bunch of\Ncounterfeit FTDI chips where the internal Dialogue: 0,0:10:59.14,0:11:07.60,Default,,0000,0000,0000,,construction was entirely different. In\Nthis case it caused reliability issues but Dialogue: 0,0:11:07.60,0:11:11.55,Default,,0000,0000,0000,,you can imagine from a security\Nperspective this is really worrisome that Dialogue: 0,0:11:11.55,0:11:15.71,Default,,0000,0000,0000,,parts that look identical might have\Ncompletely different functionality inside Dialogue: 0,0:11:15.71,0:11:25.38,Default,,0000,0000,0000,,of them. Super Micro also mentions that\Nthey X-ray their main boards to look for Dialogue: 0,0:11:25.38,0:11:32.00,Default,,0000,0000,0000,,anomalies and I wasn't able to take any\Nphotos inside the factory there was doing Dialogue: 0,0:11:32.00,0:11:38.23,Default,,0000,0000,0000,,x-rays. But in this Wikipedia photo we can\Nclearly see active components like this Dialogue: 0,0:11:38.23,0:11:45.67,Default,,0000,0000,0000,,SOIC chip are different from things like\Nthe SMD resistors and capacitors. So if an Dialogue: 0,0:11:45.67,0:11:51.22,Default,,0000,0000,0000,,attacker were trying to subvert the supply\Nchain by putting a disguise component it Dialogue: 0,0:11:51.22,0:11:56.67,Default,,0000,0000,0000,,could be detected at this step. Another\Ninteresting thing in this photo are these Dialogue: 0,0:11:56.67,0:12:02.68,Default,,0000,0000,0000,,inductors that are encased in dip\Npackages. 
This is really common in a lot Dialogue: 0,0:12:02.68,0:12:07.44,Default,,0000,0000,0000,,of Ethernet boards and occasionally people\Nhave thought they had some sort of Dialogue: 0,0:12:07.44,0:12:13.59,Default,,0000,0000,0000,,hardware implant when they found inductors\Nin their ethernet jacks but it's pretty Dialogue: 0,0:12:13.59,0:12:19.80,Default,,0000,0000,0000,,it's fairly common and it shows it pretty\Nclearly on the x-ray. Some other security Dialogue: 0,0:12:19.80,0:12:26.07,Default,,0000,0000,0000,,researchers like Sophia D'Antoine did an\Nextensive teardown of Super Micro boards Dialogue: 0,0:12:26.07,0:12:33.44,Default,,0000,0000,0000,,including X-ray analysis and her group\Nfound a few oddities but nothing.. they Dialogue: 0,0:12:33.44,0:12:37.53,Default,,0000,0000,0000,,didn't find anything malicious. There were\Nno smoking guns. They just appeared to be Dialogue: 0,0:12:37.53,0:12:43.19,Default,,0000,0000,0000,,sort of supply chain type things. You can\Nread her blog post for more details about Dialogue: 0,0:12:43.19,0:12:49.32,Default,,0000,0000,0000,,where they found things that shouldn't\Nhave been there. But turned out to be just Dialogue: 0,0:12:49.32,0:13:00.88,Default,,0000,0000,0000,,actual signal condition components. So\Nsuper micro in their ???? letter, they Dialogue: 0,0:13:00.88,0:13:07.24,Default,,0000,0000,0000,,keep reenforcing that the manufacturing\Nprocess that is the assembly process, it's Dialogue: 0,0:13:07.24,0:13:11.18,Default,,0000,0000,0000,,during the manufacturing process and I\Nagree with them. It would be very Dialogue: 0,0:13:11.18,0:13:17.94,Default,,0000,0000,0000,,difficult to circumvent security in a\Nreasonable way in that part of the Dialogue: 0,0:13:17.94,0:13:23.19,Default,,0000,0000,0000,,process. But that's not the only place\Nthis could happen. 
We know that national Dialogue: 0,0:13:23.19,0:13:30.31,Default,,0000,0000,0000,,security agencies intercept shipments of\Ncomputer hardware and then have their Dialogue: 0,0:13:30.31,0:13:37.25,Default,,0000,0000,0000,,tailored access operations open the\Ncomputers, install hardware implants, Dialogue: 0,0:13:37.25,0:13:43.67,Default,,0000,0000,0000,,reseal them and then have them continue on\Ntheir way in shipment. The NSA even has a Dialogue: 0,0:13:43.67,0:13:51.20,Default,,0000,0000,0000,,catalog of hardware implants like this\NJTAG implant Ethernet jacks with embedded Dialogue: 0,0:13:51.20,0:13:57.01,Default,,0000,0000,0000,,computers in them as well as firmware\Nspecific ones that target servers SNM(?) Dialogue: 0,0:13:57.01,0:14:05.49,Default,,0000,0000,0000,,and then some that can do data\Nexfiltration via RF. So that's sort of Dialogue: 0,0:14:05.49,0:14:09.48,Default,,0000,0000,0000,,tailored access operations is really ideal\Nfor this supply chain attack because it Dialogue: 0,0:14:09.48,0:14:16.70,Default,,0000,0000,0000,,allows them to contain the exploit to a\Nsingle customer. It allows them fairly Dialogue: 0,0:14:16.70,0:14:21.18,Default,,0000,0000,0000,,good concealment as well as good cover\Nthat if it's discovered it's really hard Dialogue: 0,0:14:21.18,0:14:25.77,Default,,0000,0000,0000,,to attribute where things went wrong. Now\Nunlike if you find something inside your Dialogue: 0,0:14:25.77,0:14:34.23,Default,,0000,0000,0000,,motherboard between the layers you know\Nthat had to have happened at the factory. Dialogue: 0,0:14:34.23,0:14:47.04,Default,,0000,0000,0000,,So Super Micro also claim that this was\Ntechnically implausible, that it was Dialogue: 0,0:14:47.04,0:14:52.56,Default,,0000,0000,0000,,highly unlikely that unauthorized hardware\Nwould function properly because a third Dialogue: 0,0:14:52.56,0:15:02.47,Default,,0000,0000,0000,,party with lack of complete knowledge of\Nthe design. 
I think that's inaccurate, Dialogue: 0,0:15:02.47,0:15:07.64,Default,,0000,0000,0000,,both because we know the NSA does it and\Nalso because I have done it. Dialogue: 0,0:15:07.64,0:15:10.32,Default,,0000,0000,0000,,{\i1}laughter{\i0} Dialogue: 0,0:15:10.32,0:15:16.06,Default,,0000,0000,0000,,Really, all that you need to know is that\Nthese are common components. These flash Dialogue: 0,0:15:16.06,0:15:20.31,Default,,0000,0000,0000,,chips show up on all the boards. You can\Nsearch the internet for the data sheet and Dialogue: 0,0:15:20.31,0:15:25.99,Default,,0000,0000,0000,,find exactly how it's wired into the rest\Nof the system. And the only thing that we Dialogue: 0,0:15:25.99,0:15:33.50,Default,,0000,0000,0000,,need to know to communicate to the BMC is\Nthe serial output pin from this component, Dialogue: 0,0:15:33.50,0:15:43.43,Default,,0000,0000,0000,,so the BMC flash is connected over to the\NBMC CPU via the serial output and it goes Dialogue: 0,0:15:43.43,0:15:51.59,Default,,0000,0000,0000,,through a small series resistor and that\Nis where my implant goes in. Mine's a Dialogue: 0,0:15:51.59,0:15:56.67,Default,,0000,0000,0000,,little bit larger than that resistor. It\Nclicks onto the board and it has a small Dialogue: 0,0:15:56.67,0:16:03.01,Default,,0000,0000,0000,,FPGA that hangs offside but it's\Ncompletely plausible to fit it into Dialogue: 0,0:16:03.01,0:16:12.14,Default,,0000,0000,0000,,something that small in fact a modern ARM\NM0 fits in the space of two transistors Dialogue: 0,0:16:12.14,0:16:18.35,Default,,0000,0000,0000,,from a 65 002 from a few years ago. The\NMoore's Law means we can pack an amazing Dialogue: 0,0:16:18.35,0:16:28.33,Default,,0000,0000,0000,,amount of CPU into a very very small\Namount of space. So on that 0 6 0 3 Dialogue: 0,0:16:28.33,0:16:36.10,Default,,0000,0000,0000,,resistor could fit around 100 cortex M0 it\Nwould be plenty powerful for this system. 
Dialogue: 0,0:16:36.10,0:16:42.38,Default,,0000,0000,0000,,The problem is we only have those two pins\Nso ordinarily on the spy flashing you need Dialogue: 0,0:16:42.38,0:16:47.72,Default,,0000,0000,0000,,at least six pens but we don't have power\Nand ground so we have to passively power Dialogue: 0,0:16:47.72,0:16:53.06,Default,,0000,0000,0000,,this through the data signal that's\Npassing through it. We don't have the chip Dialogue: 0,0:16:53.06,0:16:59.96,Default,,0000,0000,0000,,select pin so we have to guess when this\Nchip has been talked to. We don't have the Dialogue: 0,0:16:59.96,0:17:04.98,Default,,0000,0000,0000,,data input pin so we don't know what\Naddresses are being read or what commands Dialogue: 0,0:17:04.98,0:17:11.19,Default,,0000,0000,0000,,are being sent. We have to reconstruct it\Nfrom the data output pin and we also don't Dialogue: 0,0:17:11.19,0:17:18.90,Default,,0000,0000,0000,,have a clock pin so we have to figure out\Nhow to synchronize to that clock. Lastly Dialogue: 0,0:17:18.90,0:17:22.89,Default,,0000,0000,0000,,we don't have the ability to make\Narbitrary data changes. All we can do is Dialogue: 0,0:17:22.89,0:17:29.06,Default,,0000,0000,0000,,disconnect the pin from the BMC so we can\Nonly turn 1 bits into 0 bits. We can't go Dialogue: 0,0:17:29.06,0:17:35.30,Default,,0000,0000,0000,,the other way around. So with these\Nlimitations we can still do some pretty Dialogue: 0,0:17:35.30,0:17:40.92,Default,,0000,0000,0000,,interesting things. Recovering the clock\Nis actually pretty easy. 
We can look at Dialogue: 0,0:17:40.92,0:17:49.67,Default,,0000,0000,0000,,the data stream and find the shortest bit\Ntransitions from 0 1 0 or 1 0 1 to Dialogue: 0,0:17:49.67,0:17:55.06,Default,,0000,0000,0000,,estimate what the clock is which allows us\Nto then reconstruct that data stream being Dialogue: 0,0:17:55.06,0:18:00.87,Default,,0000,0000,0000,,sent to the BMC and if we look at the\Nflash contents we can see that a lot of it Dialogue: 0,0:18:00.87,0:18:07.57,Default,,0000,0000,0000,,is being fairly random noise but a lot of\Nit is all white which in this case would Dialogue: 0,0:18:07.57,0:18:15.11,Default,,0000,0000,0000,,mean that it's all one bits. So if we look\Nat the way the flash is organized we can Dialogue: 0,0:18:15.11,0:18:19.38,Default,,0000,0000,0000,,see there's the u-boot bootloader and\Nthat's executable. That's kind of Dialogue: 0,0:18:19.38,0:18:25.23,Default,,0000,0000,0000,,difficult to make useful changes in, the\Nkernel and the root file system are both Dialogue: 0,0:18:25.23,0:18:33.04,Default,,0000,0000,0000,,compressed so that they look effectively\Nlike random noise but the nvram region is Dialogue: 0,0:18:33.04,0:18:41.66,Default,,0000,0000,0000,,a jffs2 file system and this file system\N??? 3 Megs, it's mostly empty and all that Dialogue: 0,0:18:41.66,0:18:50.04,Default,,0000,0000,0000,,empty space is F F which is all ones. So\Nthis is plenty of ones for us to work on. Dialogue: 0,0:18:50.04,0:18:55.38,Default,,0000,0000,0000,,Additionally it has fairly nice headers\Nthat we can we can match on. So when we Dialogue: 0,0:18:55.38,0:19:00.57,Default,,0000,0000,0000,,see these magic bit masks we know when\Nwe've entered different parts of the file Dialogue: 0,0:19:00.57,0:19:06.99,Default,,0000,0000,0000,,system. So given that we can now\Nreconstruct the clock we can figure out Dialogue: 0,0:19:06.99,0:19:13.31,Default,,0000,0000,0000,,where we are in the file system. 
This\Nhardware implant can start to inject new Dialogue: 0,0:19:13.31,0:19:20.32,Default,,0000,0000,0000,,data into what was the empty space. So\Nthis short file that we put in here is a Dialogue: 0,0:19:20.32,0:19:28.02,Default,,0000,0000,0000,,small shell script and it is one of the\Nnetwork configuration scripts, so this is Dialogue: 0,0:19:28.02,0:19:37.35,Default,,0000,0000,0000,,where I'm going to try a live demo and I\Nhope this works. We're running in qemu Dialogue: 0,0:19:37.35,0:19:45.66,Default,,0000,0000,0000,,since I didn't bring a Super Micro board\Nand what we have on the left is the flash Dialogue: 0,0:19:45.66,0:19:50.53,Default,,0000,0000,0000,,console excuse me the hardware implant\Nconsole. And then on the right we have the Dialogue: 0,0:19:50.53,0:19:57.35,Default,,0000,0000,0000,,serial console from the BMC so we can see\Nit has loaded the kernel and in a second Dialogue: 0,0:19:57.35,0:20:03.43,Default,,0000,0000,0000,,it's going to we should see a bunch of\Ntraffic, okay, so the implant is active. Dialogue: 0,0:20:03.43,0:20:10.45,Default,,0000,0000,0000,,It has replaced the data when that nvram\Nfile system was mounted the BMC is now Dialogue: 0,0:20:10.45,0:20:18.78,Default,,0000,0000,0000,,continuing on doing its set up. It's going\Nto load a bunch of device drivers for that Dialogue: 0,0:20:18.78,0:20:24.25,Default,,0000,0000,0000,,video. It pauses here for some reason that\NI haven't diagnosed because that's that's Dialogue: 0,0:20:24.25,0:20:27.04,Default,,0000,0000,0000,,not my job. Dialogue: 0,0:20:27.04,0:20:29.14,Default,,0000,0000,0000,,{\i1}laughter{\i0} Dialogue: 0,0:20:29.14,0:20:33.02,Default,,0000,0000,0000,,And eventually it's going to configure the\Nnetworks and it does that by running that Dialogue: 0,0:20:33.02,0:20:43.01,Default,,0000,0000,0000,,shell script off of the nvram partition\Nhere it starts KVM stuff brings up some Dialogue: 0,0:20:43.01,0:20:53.39,Default,,0000,0000,0000,,things. 
Allright.\N{\i1}applause{\i0} Dialogue: 0,0:20:53.39,0:21:01.92,Default,,0000,0000,0000,,OK. So luckily we got to that point\Nwithout having to fake the demo. In the Dialogue: 0,0:21:01.92,0:21:07.82,Default,,0000,0000,0000,,hardware it's really flaky. My version\Nworks about one in eight times. But it Dialogue: 0,0:21:07.82,0:21:12.04,Default,,0000,0000,0000,,doesn't typically cause a crash. So that's\Nactually good for concealment because it Dialogue: 0,0:21:12.04,0:21:17.85,Default,,0000,0000,0000,,becomes now much harder to determine which\Nmachines are affected. In qemu because Dialogue: 0,0:21:17.85,0:21:21.64,Default,,0000,0000,0000,,it's emulating, it's a little more\Nreliable but it's still it's only two out Dialogue: 0,0:21:21.64,0:21:26.76,Default,,0000,0000,0000,,of three. If we let the BMC boot a little\Nbit further it actually prints out this Dialogue: 0,0:21:26.76,0:21:32.12,Default,,0000,0000,0000,,message. And if you hit enter it drops you\Nto a shell with no password and you can Dialogue: 0,0:21:32.12,0:21:38.17,Default,,0000,0000,0000,,then just run commands as root on the BMC\Nand that's a lot easier than all this Dialogue: 0,0:21:38.17,0:21:43.44,Default,,0000,0000,0000,,stuff with the SPI bus if you wanted to\Nbuild a hardware implant against it. I Dialogue: 0,0:21:43.44,0:21:48.54,Default,,0000,0000,0000,,don't know where the serial port is on the\Non the Super Micro but on a different tier Dialogue: 0,0:21:48.54,0:21:54.03,Default,,0000,0000,0000,,1 server mainboard I was able to probe\Naround the oscilloscope and locate the Dialogue: 0,0:21:54.03,0:22:00.83,Default,,0000,0000,0000,,serial console for the BMC. Figure out\Nit's 115 kbaud and it has the same code Dialogue: 0,0:22:00.83,0:22:06.05,Default,,0000,0000,0000,,that you hit enter and you can run\Ncommands there. So that's a much easier Dialogue: 0,0:22:06.05,0:22:11.99,Default,,0000,0000,0000,,way to do it. 
A big question a lot of\Npeople have is how do we actually detect Dialogue: 0,0:22:11.99,0:22:18.10,Default,,0000,0000,0000,,this sort of flash implant. A lot of high\Nassurance sites replace all of their roms Dialogue: 0,0:22:18.10,0:22:22.76,Default,,0000,0000,0000,,with ones that they flash themselves but\Nthat doesn't get rid of the implant Dialogue: 0,0:22:22.76,0:22:28.96,Default,,0000,0000,0000,,because it's outside of the ROM chip.\NLikewise reading the ROM chip doesn't show Dialogue: 0,0:22:28.96,0:22:35.32,Default,,0000,0000,0000,,anything because it's not in the ROM\Nitself it's it's outside of it. Even Dialogue: 0,0:22:35.32,0:22:40.65,Default,,0000,0000,0000,,hooking up a logic analyzer to the bus and\Nwatching as the machine boots and seeing Dialogue: 0,0:22:40.65,0:22:45.78,Default,,0000,0000,0000,,the data stream coming out of the flash\Nwon't actually reveal the implant because Dialogue: 0,0:22:45.78,0:22:51.77,Default,,0000,0000,0000,,you'd have to put the logic probes on the\NPGA pads on the flat on the BMC itself. Dialogue: 0,0:22:51.77,0:22:58.14,Default,,0000,0000,0000,,And that's a much harder task. Some people\Nthink "oh well we can see the weird Dialogue: 0,0:22:58.14,0:23:03.15,Default,,0000,0000,0000,,network traffic when the BMC tries to\Nexfiltrate the data" but that would be Dialogue: 0,0:23:03.15,0:23:08.03,Default,,0000,0000,0000,,that's only one way for the BMC to affect\Nthings. 
There is a great talk a few years Dialogue: 0,0:23:08.03,0:23:13.41,Default,,0000,0000,0000,,ago at DefCon from Intel ATR where they\Nshowed how something that can control the Dialogue: 0,0:23:13.41,0:23:19.02,Default,,0000,0000,0000,,system firmware can backdoor hypervisors.\NAnd then they gave a use case where a Dialogue: 0,0:23:19.02,0:23:26.18,Default,,0000,0000,0000,,unprivileged guest on a cloud system could\Nread all of the rest of physical memory so Dialogue: 0,0:23:26.18,0:23:34.76,Default,,0000,0000,0000,,it could see all of the other guests\Nmemory. So what do we do? The big problems Dialogue: 0,0:23:34.76,0:23:39.56,Default,,0000,0000,0000,,is the BMC has way too many privileges.\NIt's connected to pretty much everything Dialogue: 0,0:23:39.56,0:23:46.65,Default,,0000,0000,0000,,in the system but the BMC is not our only\Nconcern. As @whitequark said, our PCs are Dialogue: 0,0:23:46.65,0:23:52.30,Default,,0000,0000,0000,,just a bunch of embedded devices in a\Ntrench coat and they all have firmware. In Dialogue: 0,0:23:52.30,0:23:56.68,Default,,0000,0000,0000,,fact pretty much everything on your system\Nmore complex than a resistor probably has Dialogue: 0,0:23:56.68,0:24:01.27,Default,,0000,0000,0000,,firmware and if you have one of those\NSuper Micro implants maybe even your Dialogue: 0,0:24:01.27,0:24:08.50,Default,,0000,0000,0000,,resistors have firmware as well. I've\Nfound that the firmware and things like Dialogue: 0,0:24:08.50,0:24:15.15,Default,,0000,0000,0000,,the power supplies can be used to gain\Ncode execution on the BMC. It's really Dialogue: 0,0:24:15.15,0:24:20.75,Default,,0000,0000,0000,,interesting how tightly connected all of\Nour systems are. And as Joe Fit's pointed Dialogue: 0,0:24:20.75,0:24:26.70,Default,,0000,0000,0000,,out in his blackhat ???? 
talk, these are\Nnot multimillion dollar attacks, these are Dialogue: 0,0:24:26.70,0:24:33.50,Default,,0000,0000,0000,,five euro bits of hardware that we now\Nhave to really be worried about. I really Dialogue: 0,0:24:33.50,0:24:38.48,Default,,0000,0000,0000,,like the guidelines that NIST has\Npublished that suggest that we think Dialogue: 0,0:24:38.48,0:24:43.65,Default,,0000,0000,0000,,about our systems more in this holistic\Nmanner, although the interpreting of pretty Dialogue: 0,0:24:43.65,0:24:50.29,Default,,0000,0000,0000,,much everything into the TPM, the\Ntrusted platform module, for doing this Dialogue: 0,0:24:50.29,0:24:55.58,Default,,0000,0000,0000,,attestation, and I think we as a community\Nneed to do more to use the TPM. They're Dialogue: 0,0:24:55.58,0:25:01.06,Default,,0000,0000,0000,,actually a really good tool for securing\Nour systems, but they are also potentially Dialogue: 0,0:25:01.06,0:25:08.03,Default,,0000,0000,0000,,subject to their own hardware implants.\NThe NCC Group TPM Genie is able to subvert Dialogue: 0,0:25:08.03,0:25:14.60,Default,,0000,0000,0000,,the core root of trust by interposing on\Nthe TPM. So a lot of folks are proposing Dialogue: 0,0:25:14.60,0:25:19.16,Default,,0000,0000,0000,,we should move to other trusted execution\Nenvironments like SGX or TrustZone. And I Dialogue: 0,0:25:19.16,0:25:24.96,Default,,0000,0000,0000,,think these have a lot of promise,\Nespecially for trusted cloud computing. Dialogue: 0,0:25:24.96,0:25:30.97,Default,,0000,0000,0000,,There also is a lot of innovation in\Nhardware roots of trust going on right now, Dialogue: 0,0:25:30.97,0:25:34.86,Default,,0000,0000,0000,,between the Google Titan, which initially\Nwas for their servers and is now showing Dialogue: 0,0:25:34.86,0:25:39.74,Default,,0000,0000,0000,,up on all of their Chromebooks, and the\NMicrosoft Cerberus chip, which again is for the Dialogue: 0,0:25:39.74,0:25:46.71,Default,,0000,0000,0000,,Azure systems. 
They're actually publishing\Ntheir firmware and the ASIC design so that Dialogue: 0,0:25:46.71,0:25:49.88,Default,,0000,0000,0000,,people can have a little more faith in it,\Nand they hope it will become an open Dialogue: 0,0:25:49.88,0:25:56.78,Default,,0000,0000,0000,,standard. And companies like Apple have\Nalso gone their own way with the T2, and Dialogue: 0,0:25:56.78,0:26:00.62,Default,,0000,0000,0000,,the T2 is a really amazing chip for\Nsecuring systems. But it does so at the Dialogue: 0,0:26:00.62,0:26:06.79,Default,,0000,0000,0000,,expense of user freedom, and that gets in\Nthe way of what I think is the real way that Dialogue: 0,0:26:06.79,0:26:11.13,Default,,0000,0000,0000,,we need to solve this\Nproblem. We need to get rid of a lot of Dialogue: 0,0:26:11.13,0:26:18.83,Default,,0000,0000,0000,,these secrets. Counter to what the Super\NMicro CEO said, having a secret Dialogue: 0,0:26:18.83,0:26:22.77,Default,,0000,0000,0000,,motherboard design does not make you more\Nsecure. Things like the Open Compute Dialogue: 0,0:26:22.77,0:26:27.14,Default,,0000,0000,0000,,hardware I think are a good vision for how\Nwe can move forward, in that when you buy an Dialogue: 0,0:26:27.14,0:26:33.03,Default,,0000,0000,0000,,Open Compute server it comes with full\Nschematics and Gerber files, so that Dialogue: 0,0:26:33.03,0:26:37.91,Default,,0000,0000,0000,,motivated customers can verify that the\Nsystems that they're buying are the ones Dialogue: 0,0:26:37.91,0:26:42.14,Default,,0000,0000,0000,,that they think they're buying,\Nthat all of the components are what they Dialogue: 0,0:26:42.14,0:26:49.25,Default,,0000,0000,0000,,think they should be. I think the firmware\Nalso needs more openness. 
Ronald Minnich of Dialogue: 0,0:26:49.25,0:26:56.15,Default,,0000,0000,0000,,Google is my co-lead on the LinuxBoot project,\Nand we think that Linux in the firmware is Dialogue: 0,0:26:56.15,0:27:03.82,Default,,0000,0000,0000,,a way forward to get a more secure, more\Nflexible and more resilient system. We're Dialogue: 0,0:27:03.82,0:27:09.98,Default,,0000,0000,0000,,working with a spin-off project called\Nmicro BMC that is using the LinuxBoot Dialogue: 0,0:27:09.98,0:27:16.58,Default,,0000,0000,0000,,tools to build BMC firmware, and this is\Nopen source. It's reproducibly built, it can Dialogue: 0,0:27:16.58,0:27:22.74,Default,,0000,0000,0000,,work with roots of trust attestation. It's\Nwritten in a memory safe language, since Dialogue: 0,0:27:22.74,0:27:27.74,Default,,0000,0000,0000,,it's a Google collaboration, Go. And\Nmore importantly we've thrown away all of Dialogue: 0,0:27:27.74,0:27:31.24,Default,,0000,0000,0000,,the legacy features that have been a\Nsource of a lot of security Dialogue: 0,0:27:31.24,0:27:40.96,Default,,0000,0000,0000,,vulnerabilities in these systems. So did\Nit happen? I don't know. Is it technically Dialogue: 0,0:27:40.96,0:27:44.52,Default,,0000,0000,0000,,possible? I think so. I hope I've\Nconvinced all of you that this is Dialogue: 0,0:27:44.52,0:27:50.77,Default,,0000,0000,0000,,definitely a technical possibility that we\Nneed to be concerned about, and I hope that Dialogue: 0,0:27:50.77,0:27:56.26,Default,,0000,0000,0000,,the way forward is through hardware roots of\Ntrust with attestation and, more Dialogue: 0,0:27:56.26,0:28:01.40,Default,,0000,0000,0000,,importantly, with open hardware, so that we\Nknow that the machines Dialogue: 0,0:28:01.40,0:28:07.13,Default,,0000,0000,0000,,are running code that we know, the code\Nthat we've built, that we understand and Dialogue: 0,0:28:07.13,0:28:13.08,Default,,0000,0000,0000,,that we can actually have a good chance of\Nbeing able to take control back of. 
Dialogue: 0,0:28:13.08,0:28:18.30,Default,,0000,0000,0000,,If you're interested in more discussion on\Nthis and also on open firmware, there's an Dialogue: 0,0:28:18.30,0:28:23.85,Default,,0000,0000,0000,,assembly here in this hall that has a\Nbunch of folks working on coreboot and Dialogue: 0,0:28:23.85,0:28:29.11,Default,,0000,0000,0000,,LinuxBoot and a lot of these projects,\Nwhere you can help contribute and you can Dialogue: 0,0:28:29.11,0:28:37.51,Default,,0000,0000,0000,,also help pressure vendors to make\Nthis standard and a way forward for more Dialogue: 0,0:28:37.51,0:28:42.00,Default,,0000,0000,0000,,secure computing. So thank you all for\Ncoming. And I really enjoyed the chance to Dialogue: 0,0:28:42.00,0:28:50.38,Default,,0000,0000,0000,,show off my modship of the state. Dialogue: 0,0:28:50.38,0:28:56.03,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:28:56.03,0:29:02.60,Default,,0000,0000,0000,,Herald: Great talk, thank you very much\NTrammell. We have 10 minutes for questions, Dialogue: 0,0:29:02.60,0:29:11.08,Default,,0000,0000,0000,,so please line up at the microphones if\Nyou have questions. And we also have a Dialogue: 0,0:29:11.08,0:29:25.39,Default,,0000,0000,0000,,signal angel, probably with questions from\Nthe internet. So any questions? Microphone Dialogue: 0,0:29:25.39,0:29:29.87,Default,,0000,0000,0000,,number three?\NMic 3: Yes, I was going to ask, what's Dialogue: 0,0:29:29.87,0:29:35.65,Default,,0000,0000,0000,,your opinion on the Talos systems? The\NOpenPOWER based ones? Dialogue: 0,0:29:35.65,0:29:41.83,Default,,0000,0000,0000,,Trammell: So the question is about the\NTalos POWER9 based systems. POWER9 is a Dialogue: 0,0:29:41.83,0:29:48.49,Default,,0000,0000,0000,,really interesting architecture. It\Nis using an open firmware very similar to Dialogue: 0,0:29:48.49,0:29:55.25,Default,,0000,0000,0000,,LinuxBoot called Petitboot that\Nmoves Linux into the bootloader. 
I'm a big Dialogue: 0,0:29:55.25,0:29:58.86,Default,,0000,0000,0000,,fan. There's a lot of folks in the\Nopen source community who are very excited Dialogue: 0,0:29:58.86,0:30:07.54,Default,,0000,0000,0000,,about it. I'm hoping that there will be\Nmore POWER9 systems coming out. I'm Dialogue: 0,0:30:07.54,0:30:13.13,Default,,0000,0000,0000,,also very excited about the RISC-V\Nsystems. I think having open source CPUs Dialogue: 0,0:30:13.13,0:30:19.31,Default,,0000,0000,0000,,in use is a real way that we can have more\Nassurance that our systems are what we Dialogue: 0,0:30:19.31,0:30:22.80,Default,,0000,0000,0000,,think they are.\NHerald: Thank you, microphone number two Dialogue: 0,0:30:22.80,0:30:27.10,Default,,0000,0000,0000,,please.\NMic 2: Yes, thanks for the talk. I was Dialogue: 0,0:30:27.10,0:30:32.81,Default,,0000,0000,0000,,wondering if you have just a scope probe\Nover this series, 'cause it's just a series Dialogue: 0,0:30:32.81,0:30:37.32,Default,,0000,0000,0000,,resistor which we're replacing. If you put\Njust two scope probes on there and measure Dialogue: 0,0:30:37.32,0:30:41.27,Default,,0000,0000,0000,,the voltage over it, in your situation\Nwould the voltage change there once in a Dialogue: 0,0:30:41.27,0:30:42.40,Default,,0000,0000,0000,,while?\NTrammell: Yes, yes, yes. Dialogue: 0,0:30:42.40,0:30:46.54,Default,,0000,0000,0000,,Mic 2: Well okay, in the normal case would\Nit actually be quite a consistent current? Dialogue: 0,0:30:46.54,0:30:56.89,Default,,0000,0000,0000,,Or if you lowered the input impedance of\Nthe BMC chip you might already have fixed Dialogue: 0,0:30:56.89,0:31:01.76,Default,,0000,0000,0000,,a part of the attack, because the output\Nsourcing current of your exploit is Dialogue: 0,0:31:01.76,0:31:04.90,Default,,0000,0000,0000,,probably limited due to the limited supply,\Nyou only can.. Dialogue: 0,0:31:04.90,0:31:12.39,Default,,0000,0000,0000,,Herald: Your question please?\NMic 2: Yes.. but.. 
do you see a way to get Dialogue: 0,0:31:12.39,0:31:17.71,Default,,0000,0000,0000,,more power into your setup? Maybe using,\Nwell, other power sources, other than the Dialogue: 0,0:31:17.71,0:31:22.65,Default,,0000,0000,0000,,two pins, or maybe somewhere of..\NTrammell: Well, so the question is about Dialogue: 0,0:31:22.65,0:31:28.42,Default,,0000,0000,0000,,whether there would be a way to do more arbitrary\Nchanges through redesigning the implant. Dialogue: 0,0:31:28.42,0:31:34.19,Default,,0000,0000,0000,,One of the goals was to fit with only\Nthose two pins, so that a single piece on Dialogue: 0,0:31:34.19,0:31:38.90,Default,,0000,0000,0000,,the motherboard could be replaced. With a\Ndual-probe soldering iron you can pop Dialogue: 0,0:31:38.90,0:31:45.50,Default,,0000,0000,0000,,it out and stick a new one down in a\Nmatter of seconds. So, yes, if you have Dialogue: 0,0:31:45.50,0:31:51.81,Default,,0000,0000,0000,,more pins where you can get more power\Nfrom, you can do much more interesting Dialogue: 0,0:31:51.81,0:31:57.46,Default,,0000,0000,0000,,things. But that would require a\Ndifferent set of changes to the Dialogue: 0,0:31:57.46,0:32:02.48,Default,,0000,0000,0000,,motherboard.\NHerald: Thank you. Microphone 1 please. Dialogue: 0,0:32:02.48,0:32:09.35,Default,,0000,0000,0000,,Mic 1: So, a lot of the, like, arguments\Nthat these implants were not feasible by Dialogue: 0,0:32:09.35,0:32:13.82,Default,,0000,0000,0000,,Super Micro, where you also showed the\Npicture from the fab, that you had to Dialogue: 0,0:32:13.82,0:32:19.39,Default,,0000,0000,0000,,change the etching and the optical\Ninspection and so on and so on. 
But how Dialogue: 0,0:32:19.39,0:32:27.87,Default,,0000,0000,0000,,probable would you rate the fact that some\Nactor just intercepted the manufacturing Dialogue: 0,0:32:27.87,0:32:33.57,Default,,0000,0000,0000,,files and added that component already in\Nthe file, because then all the optical Dialogue: 0,0:32:33.57,0:32:38.81,Default,,0000,0000,0000,,inspection and that would all say, well,\Nthat matches what was sent to us. But that Dialogue: 0,0:32:38.81,0:32:41.65,Default,,0000,0000,0000,,was not necessarily what Super Micro sent\Nto the fab. Dialogue: 0,0:32:41.65,0:32:44.90,Default,,0000,0000,0000,,Trammell: So the question is, could\Nsomeone have modified all of the Dialogue: 0,0:32:44.90,0:32:48.62,Default,,0000,0000,0000,,manufacturing files that went to the\Nfactory, and that's absolutely a Dialogue: 0,0:32:48.62,0:32:54.52,Default,,0000,0000,0000,,possibility. But it's also very likely\Nthat that would be detected by Super Micro Dialogue: 0,0:32:54.52,0:33:01.17,Default,,0000,0000,0000,,itself; in a lot of cases you don't\Nnecessarily want to trust the company that Dialogue: 0,0:33:01.17,0:33:05.93,Default,,0000,0000,0000,,is making the product to also test it. And\Nyou probably want to have a separate Dialogue: 0,0:33:05.93,0:33:11.06,Default,,0000,0000,0000,,company that does random spot checks to\Nverify that the boards are actually being Dialogue: 0,0:33:11.06,0:33:16.46,Default,,0000,0000,0000,,produced to the specification\Nthat you desire. So it's certainly Dialogue: 0,0:33:16.46,0:33:24.05,Default,,0000,0000,0000,,possible, and I really don't want to\Nspeculate as to the accuracy of that part Dialogue: 0,0:33:24.05,0:33:31.03,Default,,0000,0000,0000,,of the story, but yeah, it would require\Nquite a bit more changes. And it also would Dialogue: 0,0:33:31.03,0:33:34.68,Default,,0000,0000,0000,,be much more likely to be detected in the\Nspot check. Dialogue: 0,0:33:34.68,0:33:38.23,Default,,0000,0000,0000,,Herald: Great. 
Microphone number two\Nplease. Dialogue: 0,0:33:38.23,0:33:44.51,Default,,0000,0000,0000,,Mic 2: Yes, for a lot of motherboards\Nthere are also quite a few components not Dialogue: 0,0:33:44.51,0:33:53.75,Default,,0000,0000,0000,,populated, some of which are on what you\Ncould consider sensitive nets. Wouldn't Dialogue: 0,0:33:53.75,0:33:59.43,Default,,0000,0000,0000,,that make it.. Yeah exactly. Wouldn't that\Nmake it very easy to just pop something Dialogue: 0,0:33:59.43,0:34:04.54,Default,,0000,0000,0000,,on there in parallel with one of the\Ncomponents and not have it be detected, Dialogue: 0,0:34:04.54,0:34:08.33,Default,,0000,0000,0000,,because it's like the board is modified,\Nthere is a component, or you have no way of Dialogue: 0,0:34:08.33,0:34:11.49,Default,,0000,0000,0000,,telling whether it had to be populated or\Nnot? Dialogue: 0,0:34:11.49,0:34:18.60,Default,,0000,0000,0000,,Trammell: Super Micro puts a lot of extra\Npads on the board. In this one particular Dialogue: 0,0:34:18.60,0:34:28.70,Default,,0000,0000,0000,,one they have both 8-pin and 16-pin flash\Nchip pads that are just in parallel Dialogue: 0,0:34:28.70,0:34:32.99,Default,,0000,0000,0000,,together. So depending on which chip is\Ncheaper that day of the week, or who knows Dialogue: 0,0:34:32.99,0:34:38.42,Default,,0000,0000,0000,,what, they will populate one or the other.\NSo that's why in this particular photo Dialogue: 0,0:34:38.42,0:34:47.95,Default,,0000,0000,0000,,having the position of that circle on the\Ndata output pin is very, very interesting. Dialogue: 0,0:34:47.95,0:34:56.66,Default,,0000,0000,0000,,Herald: Question answered? Okay. 
So one\Nmore question on microphone number two Dialogue: 0,0:34:56.66,0:35:00.40,Default,,0000,0000,0000,,please?\NMic 2: How far can signing of firmware be Dialogue: 0,0:35:00.40,0:35:06.47,Default,,0000,0000,0000,,a solution to this problem?\NTrammell: Signing firmware solves a lot of Dialogue: 0,0:35:06.47,0:35:13.40,Default,,0000,0000,0000,,the issues. It does not, however, solve all of them.\NTypically not all of the firmware is Dialogue: 0,0:35:13.40,0:35:21.02,Default,,0000,0000,0000,,signed; specifically, what is likely to be\Nsigned in a modern BMC is the kernel, and Dialogue: 0,0:35:21.02,0:35:25.79,Default,,0000,0000,0000,,maybe the root file system might be\Nsigned. But the NVRAM file system in Dialogue: 0,0:35:25.79,0:35:32.59,Default,,0000,0000,0000,,this BMC is designed to be user modifiable,\Nso it can't be signed by the manufacturer, Dialogue: 0,0:35:32.59,0:35:41.34,Default,,0000,0000,0000,,so this sort of attack would work against\Na signed BMC just as well. Also the "Hit Dialogue: 0,0:35:41.34,0:35:49.51,Default,,0000,0000,0000,,enter to get a serial console" attack\Ncircumvents any signing. There are things Dialogue: 0,0:35:49.51,0:35:56.14,Default,,0000,0000,0000,,on the host firmware on the x86, like Boot\NGuard, that do a really good job of making Dialogue: 0,0:35:56.14,0:36:01.52,Default,,0000,0000,0000,,it harder to get code execution during the\Nboot process. But there have been several Dialogue: 0,0:36:01.52,0:36:07.72,Default,,0000,0000,0000,,CVEs where it has been implemented poorly.\NSo even though the firmware is Dialogue: 0,0:36:07.72,0:36:13.80,Default,,0000,0000,0000,,signed, people have still managed to get\Ncode execution during that process. Dialogue: 0,0:36:13.80,0:36:18.33,Default,,0000,0000,0000,,Herald: Great. Thank you Trammell Hudson\Nagain, a warm round of applause, thank you Dialogue: 0,0:36:18.33,0:36:21.01,Default,,0000,0000,0000,,very much! 
Dialogue: 0,0:36:21.01,0:36:24.01,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:36:24.01,0:36:25.53,Default,,0000,0000,0000,,{\i1}35c3 postrol music{\i0} Dialogue: 0,0:36:25.53,0:36:52.00,Default,,0000,0000,0000,,Subtitles created by c3subtitles.de\Nin the year 2021. Join, and help us!