Last October, Bloomberg published what seemed to be the tech story of the year: a claim that Supermicro, the leading supplier of servers to clients from the Pentagon and Congress to Amazon, Apple and NASA, had been targeted by Chinese spies who'd inserted devastating, virtually undetectable hardware backdoors into their motherboards by subverting a small subcontractor in China.
But the story didn't quite add up. After it was published, the tech giants implicated in it released detailed, unequivocal denials, themselves almost without precedent -- Big Tech's PR strategy during this kind of scandal is usually limited to terse denials that do not delve into detail. Instead, companies named in the story went into lavish detail explaining why it wasn't true, and couldn't be true.
These denials also don't add up: Bloomberg says it sourced its story from multiple (anonymous) sources who had direct knowledge of the incidents and who had been employed in the named organizations while they were unfolding. Bloomberg stood by its reporting, and implied that the idea that all these sources from different organizations would collude to pull off a hoax like this was implausible.
Faced with the seemingly impossible task of sorting truth from hoax in the presence of contradictory statements from Big Tech and Bloomberg, technical experts began trying to evaluate whether the hacks attributed to the Chinese spy agencies were even possible: at first, these analyses were cautiously skeptical, but then they grew more unequivocal.
Last month, Trammell Hudson -- who has developed well-regarded proof-of-concept firmware attacks -- gave a detailed talk presenting his take on the story at the Chaos Communication Congress in Leipzig.