reading note 01 - carlosjorr/reading-notes GitHub Wiki
Reading notes 01
How is a hardware hack different than a software hack? Hardware hacking involves exploiting a flaw in the security of the physical components of a device. Unlike software hacking, attackers have to be onsite and need physical and reasonably uninterrupted access to the target device to execute a hardware hack. Software hacking involves exploiting a flaw in the security of software programs.
What are the two ways for spies to alter a computer’s hardware? One method, known as interdiction, consists of manipulating devices while they are in transit from manufacturer to customer. The other method involves seeding changes from the very beginning.
Explain how the hack worked.
1. A Chinese military unit designed and manufactured microchips as small as a sharpened pencil tip. Some of the chips were built to look like signal conditioning couplers, and they incorporated memory, networking capability, and sufficient processing power for an attack.
2. The microchips were inserted at Chinese factories that supplied Supermicro, one of the world’s biggest sellers of server motherboards.
3. The compromised motherboards were built into servers assembled by Supermicro.
4. The sabotaged servers made their way inside data centers operated by dozens of companies.
5. When a server was installed and switched on, the microchip altered the operating system’s core so it could accept modifications. The chip could also contact computers controlled by the attackers in search of further instructions and code.
How were investigators able to trace the chips back to the source? Investigators found that the chip had been inserted at factories run by manufacturing subcontractors in China.