Twitter | Search | |
Hector Martin Oct 9
Ah, I see, Bloomberg. So instead of a (partial) retraction of your at least half if not fully bullshit China implant story, you're going to now publish *one guy's* claim of Ethernet jack implants. When you had <5 days to check anything he provided.
Reply Retweet Like
Hector Martin Oct 9
Replying to @marcan42
Remember when a certain other security researcher was convinced his Ethernet jacks had implants? Remember all this "evidence"? How *we* knew it was BS? Now consider whether Bloomberg's technically clueless journalists would know it's BS.
Reply Retweet Like
Hector Martin Oct 9
Replying to @marcan42
Seriously, this is just pathetic now. They just went from "1 year and multiple sources" to "<5 days and one guy". This is just negligence.
Reply Retweet Like
Hector Martin Oct 9
Replying to @marcan42
Why is it that every time something like this happens nobody has any hard documentation or analysis results? Ah yes, the best cop-out. "We don't have it any more, we can't give you more details".
Reply Retweet Like
Hector Martin Oct 9
Replying to @marcan42
So now we have *software* detecting *analog* stuff like the "power consumption" of a *network*. None of those words go together. At all.
Reply Retweet Like
Hector Martin
Basically every Ethernet jack I've seen in anything but cheapo consumer routers/switches has been metal. How the hell is this an IOC?
Reply Retweet Like More
Hector Martin Oct 9
Replying to @marcan42
Nevermind that... Ethernet jacks don't have power pins. Where is this module (that uses so much power that it gets hot) magically powering itself from? Nobody runs PoE out to servers. Did they modify the board design to add power pins too?
Reply Retweet Like
Russ Garrett Oct 9
Replying to @marcan42
The NSA's COTTONMOUTH-III implant was housed in a combined ethernet/USB connector, presumably for this reason, but I don't think you usually find those combined sockets in servers.
Reply Retweet Like
Hector Martin Oct 9
Replying to @russss
A quick Google suggests Supermicro servers do sometimes have those, apparently often on the IPMI LAN port. So, sure, they could do it on *that subset* specifically...
Reply Retweet Like
Leif Sawyer Oct 9
Replying to @marcan42
He's thinking of this:
Reply Retweet Like
Hector Martin Oct 9
Replying to @ak_hepcat
That does not have an Ethernet jack pinout. It'd do nothing if you soldered it in place of an Ethernet jack.
Reply Retweet Like
Russ Garrett Oct 9
Replying to @marcan42
It also strikes me that an implant which can only intercept the ethernet interface is not especially useful anyway (better to target the switch), but if you have access to USB as well that might change things.
Reply Retweet Like
Hector Martin Oct 9
Replying to @russss
Makes way more sense to just go after the BMC in a pure software implant. That has USB, PCIe, video, Ethernet, *everything*.
Reply Retweet Like
George Porter Oct 9
Replying to @marcan42
I have no idea what is going on with this story, but SFP+, QSFP, and QSFP28 are active cables with on-board processors, pulling 1-2W each
Reply Retweet Like
Hector Martin Oct 9
Replying to @georgemporter
Optics != processors. Good luck getting a 10GbE capable implant into that power budget and size. Also good luck finding an SFP+ cage that isn't made of metal.
Reply Retweet Like
Daniel Cincunegui Oct 9
Replying to @marcan42
Minor nit: power is available for the jack itself since it typically has two LEDs. So if you modified a jack previous to board mounting, you have power. Not enough to need heat dissipation, but enough to run a small chip.
Reply Retweet Like
Hector Martin Oct 9
Replying to @danielcincu
Not a small chip able to MITM 1000BASE-T. You aren't going to get more than 60mW from an LED.
Reply Retweet Like
Hector Martin Oct 9
Replying to @danielcincu
Just a single 100BASE-TX PHY is twice that, a 1000BASE-T one is like 500mW.
Reply Retweet Like
Daniel Cincunegui Oct 9
Replying to @marcan42
You don't get the power from the led, you draw power from its supply. It only needs to run the logic. You would get further intermitent power from the jack pins. Not backing the Bloomberg piece, just saying it's possible.
Reply Retweet Like
Daniel Cincunegui Oct 9
Replying to @marcan42
Notice the LED pins are totally independent.
Reply Retweet Like