China used a tiny chip to infiltrate American companies
According to extensive interviews with government and corporate sources, the hack by Chinese spies reached approximately thirty companies in the United States, including Apple and Amazon, and compromised America's technology supply chain. Both Apple and Amazon were affected by the attack.
The flaw in the baseband – or radio modem – of UNISOC's chipset was discovered by researchers at Check Point Research who were hunting for remote attack vectors for the silicon. It turns out that the issue affects not only low-end cellphones but also some smart televisions.
Check Point discovered that attackers could transmit a specially crafted radio packet to a nearby device to crash its firmware, probably until the device is rebooted. They would do this by broadcasting non-access stratum (NAS) messages that, when received and processed by UNISOC's firmware, result in a heap memory overwrite.
"They quickly reviewed NAS message handlers and discovered a vulnerability that might be exploited to disrupt the device's radio transmission using a corrupted packet," the researchers stated in a lengthy and intriguing report released this week.
According to two U.S. officials, the chips were implanted during the production process by operators from a People's Liberation Army unit. China's spies appear to have discovered in Supermicro the ideal route for what U.S. authorities now describe as the most severe supply chain attack ever launched against American companies.
According to one person, investigators discovered that the attack ultimately damaged nearly 30 firms, including a central bank, government contractors, and the most valuable company in the world, Apple Inc. Apple was a significant Supermicro customer and had planned to purchase over 30,000 of its servers for a new worldwide network of data centres within two years. Three top Apple insiders claim that the company discovered harmful chips on Supermicro motherboards in the summer of 2015. The following year, Apple broke ties with Supermicro for what it described as unrelated reasons.
In conversations that began under the Obama administration and continued through the Trump administration, six current and former top national security officials have described the discovery of the chips and the government's investigation. The official and one of the sources also detailed Amazon's involvement with the probe. Four of the six U.S. officials, along with the three Apple employees, acknowledged that Apple was a victim. Seventeen individuals validated the manipulation of Supermicro's hardware and other aspects of the attacks. Because the information was sensitive and, in some cases, classified, anonymity was offered to the informants.
According to a government official, China's objective was long-term access to high-value company secrets and sensitive government networks. No consumer information has been reported stolen.
The effects of the attack are still being felt. In its most recent wave of trade sanctions on China, the Trump administration has targeted computer and networking hardware, including motherboards, and White House officials have made it plain that they believe companies will begin transferring their supply chains to other countries as a result. Such a change might appease officials who have been warning for years about the security of the supply chain without ever disclosing a significant cause for their concerns.
By broadcasting a malformed NAS message, an attacker could remotely crash the modem, leading to denial of service or to remote code execution that would allow them to take control of the device.
Check Point reported the vulnerability, CVE-2022-20210, to UNISOC in May, and the chip manufacturer issued a patch later that month. According to the cybersecurity firm, Google will implement this remedy in its future Android Security advisory. Check Point advised users to update the operating system on their UNISOC-powered devices to the most recent version where feasible.
Allied Market Research predicts that the mobile security market will grow from $3.3 billion in 2020 to $22.1 billion in 2030, driven in large part by the increase in online mobile payments, the use of mobile devices for tasks involving sensitive information – such as banking information, credit card numbers, and social security numbers – and the adoption of bring-your-own-device (BYOD) policies in the workplace.