[HN Gopher] Hackers spent 2 years looting secrets of chipmaker N...
___________________________________________________________________
Hackers spent 2 years looting secrets of chipmaker NXP before being
detected
Author : curiousObject
Score : 181 points
Date : 2023-11-28 14:25 UTC (8 hours ago)
(HTM) web link (arstechnica.com)
(TXT) w3m dump (arstechnica.com)
| fsflover wrote:
| Recent discussion: https://news.ycombinator.com/item?id=38406429
| baybal2 wrote:
| With "cloud" services being mentioned, they say hackers used
| cloud storage to evade detection, but what if the initial
| intrusion vector itself was planted by an AWS employee?
|
| Saudis used their nationals inside Twitter quite brazenly.
| Imagine how many other rogue nation nationals are there being
| used by their governments.
| Jerrrry wrote:
| AWS infrastructure is compliant, Twitter isn't.
|
| Apples to orangutans.
| MakeThemMoney wrote:
| Compliant with what?
| tsujamin wrote:
| that seems like a wildly overcomplicated method of hacking a
| commercial organisation...
| slt2021 wrote:
| these 3rd world authoritarian regimes try to do this all the
| time, for example Russia routinely tries to recruit Russian-
| speaking engineers at US/EU companies for industrial
| espionage. for example [1]
|
| there are more cases that nobody publishes about - a lot of
| "ransomware" incidents - are actually an employee who suddenly
| received email with malicious URL and clicked on it infecting
| his work computer - gaining plausible deniability by being
| "dumb IT user" while collecting $$$$ from criminal org for
| granting them initial access.
|
| a lot of smaller/obscure outsource IT companies can cause you
| ransomware incident if you decide to terminate software
| development contract with them, because these could be
| literally North Korean hackers working as your sysadmins [2].
|
| 1. https://cpomagazine.com/cyber-security/hacker-offered-
| russia...
|
| 2. https://apnews.com/article/north-korea-weapons-program-it-
| wo...
| miohtama wrote:
| Ransomware attack could have been better option for NXP. It would
| likely be over quickly and force them to take security seriously.
| Now, they were bleeding industrial and trade secrets for more
| than a year.
| pclmulqdq wrote:
| If they had the decency to release some good documentation for
| NXP's devices, I'm sure nobody would mind the hack.
|
| I guess we figured out how one nation-state got transparency from
| NXP.
| bpye wrote:
| Related: Another Vulnerability in the LPC55S69 ROM
|
| https://news.ycombinator.com/item?id=30778778
| shaktaexe wrote:
| This was disclosed about a year and a half ago.
| bootloop wrote:
| I am sure there was nothing of that sort to be found. :-)
| Scoundreller wrote:
| That explains why they couldn't figure out what's going on
| internally, even after being inside for 2 years.
|
| Probably got lost and couldn't figure out how to even get
| out.
| incahoots wrote:
| Explains why they stuck around for 2 years lmao
| sonicanatidae wrote:
| First, that documentation would have to exist. ;)
| autoexec wrote:
| > "It's likely the TA knows of specific flaws reported to NXP that
| can be leveraged to exploit devices the chips are embedded in,
| and that's assuming they didn't implement backdoors themselves.
| Over 2.5 years (at least), that's not unrealistic."
|
| I assume these chips had backdoors long before Chinese hackers
| started collecting files and saving them to Dropbox. Pretty
| convenient to be able to blame Chinese hackers for any backdoors
| that come to light now.
| bell-cot wrote:
| Convenient how, for who?
|
| "Our products only have backdoors because China added those to
| our woulda-been-secure-if-they-hadn't designs..."
|
| That does not sound like a winning sales pitch to me.
| jlarocco wrote:
| Presumably convenient for the group who really added the
| backdoors.
| bell-cot wrote:
| Unless that group is both (1) caught, and (2) threatened
| with serious punishment for adding backdoors, I see no
| convenience.
|
| Any uncaught or beyond-reach-of-the-law group would want to
| take credit for their own work.
| GartzenDeHaes wrote:
| The implication is that it's a nation state, and not one
| of the "bad guys".
| 2OEH8eoCRo0 wrote:
| > A prolific espionage hacking group with ties to China
|
| Lovely
| nickdothutton wrote:
| Your NXP HSM or SHE may not be as secure as you had hoped. Sigh.
| ganzuul wrote:
| What does "several sources" actually mean? Who should that
| exclude?
| mips_r4300i wrote:
| Domestic Chinese MCU company popping up with suspiciously similar
| part functionality to NXP's in 3, 2, 1...
| LeopoldBloom wrote:
| Two major pillars of NXP's sales strategy are their security
| architecture and integration with other NXP devices (primarily
| connectivity ICs since the Marvell Wi-Fi acquisition).
|
| They are typically more expensive than competitors (Infineon, TI,
| ST, etc). This is due to their strategy to only compete in
| markets where they believe they can command a healthy profit
| margin.
|
| Going to be a difficult strategy to maintain in a few years when
| there are identical products from China for 1/2 the cost...
___________________________________________________________________
(page generated 2023-11-28 23:01 UTC)