Friday Morning News

Originally published at: https://appletalk.com.au/2018/10/friday-morning-news051018/

Bloomberg’s making headlines this morning for their story of The Big Hack, where Chinese spies compromised many US technology companies via the supply chains of Supermicro, a well-known hardware vendor for the servers used in many datacentres worldwide, including those owned by Apple and Amazon. The story goes that somewhere in Supermicro’s supply chain, Chinese spies planted a chip no bigger than a grain of rice which compromised the entire board, and while all of this seems theoretically possible, the lack of any hard evidence makes it all very hard to believe, as incredible as the story is.

For their part, Amazon and Apple have both emailed statements to Bloomberg, both strongly denying Bloomberg’s reporting, as well as publishing their own statements on sites they control. Amazon’s statement, signed by their chief information security officer, says Amazon has never found any modified hardware or malicious chips, nor did they ever investigate any such issue with the government. Apple’s statement is very similar, saying that while they did discover a compromised driver on some server hardware in 2015, that was an isolated incident and not a targeted attack, nor did Apple ever reach out to the FBI to investigate any compromised hardware.

If you read Apple’s statement in full, you’ll know two things: that they are very, very good at PR and sending a consistent message, and that the message they’re sending regarding user data and how highly they prioritise user privacy, even when it’s stored on servers and in locations they don’t have explicit control over, comes all the way from the top. Apple CEO Tim Cook recently spoke to Vice about those topics and more, and TechCrunch has the transcript.

Apple is donating USD $1 million to earthquake and tsunami relief efforts in Indonesia, after the island of Sulawesi was hit by a 7.5 magnitude earthquake and tsunami on September 28. While Apple usually collects donations from their customers for various relief efforts for natural disasters worldwide, those donations are currently going towards Hurricane Florence relief efforts.

9to5Mac reminds us that today’s the first day you can buy the Apple Watch Series 4 Nike+. Although you’ve been able to pre-order them since the launch of the original, limited quantities should be available in-store starting today, along with the new reflective Nike Sport Loop, which probably won’t be sold separately for a few months.

Apple has removed a few colour options from the BeatsX lineup, as well as dropping prices. BeatsX are now available in either black or silver, and start at $164.95 — previously $199 in Australia, if I recall correctly? Speculation says Apple are simply bringing BeatsX closer to its “street price”, but I’d like to hope it’s because in-ear AirPods are on the way.

An updated version of the iTunes release that still allows access to the iOS App Store was released by Apple a few weeks ago, but people who assumed they could keep using it after updating to macOS Mojave found out otherwise once they had updated. Now Apple has updated the page on how to deploy apps in a business environment to explicitly say iTunes 12.6.5 is not compatible with macOS Mojave.

It seems some owners of 2018 MacBook Pros are running into issues installing Mojave on their machines. Unspecified errors and issues relating to bridgeOS seem to be the main culprits, with no reliable workaround available, although some have reported success with an SMC reset.

In app update news, Google Maps is attempting to make commuting to work better by giving you live traffic details before you start your journey. Google Translate can now translate into Australian English as well as UK and Indian (English, mind you), and Fantastical now offers a bunch of new watch complications for Series 4 owners.

It’s been a while, but if you’re looking for something to play this weekend, then Civ VI launched on iPhone this week. And it’s not some cut-down version of the full game on desktops either, but the real deal with a price tag to match, although you can get it at a 60% discount until Oct 16. There’s a free trial you can play through to see if you can stomach it on the small screen, otherwise Ars has a review.

The grain-of-rice sized alleged-but-refuted hack story is interesting. I didn’t think that Bloomberg were a riffraff news mob like Murdoch…? So - does that mean - where there’s smoke… there’s rice-sized-chips spying on Apple…? Or is it all garbage?

A good friend of mine whose technical ability I respect a LOT is of the opinion that the stated capabilities do not exist in a package of the size described, and that if they could be squeezed into a package of that size then the input and output would not be able to be used with conventional boards but would require special small-scale interfaces, which would make the small size pointless (because that interface would be of a larger size).

This agrees with my (somewhat out of date) training so I’m going with… garbage.


I call garbage, which is a shame as Bloomberg used to be a reasonable news source that verified their sources before publishing stories (but then again that was a long, long, long time ago when I used to work in the news industry… approx. 18 years ago).

Unfortunately, in many cases, “news” these days is about as real as “reality TV” is (IMHO) :smiley:

Has everyone forgotten the Snowden releases, detailing that the NSA were doing just this kind of thing?

If this type of inserted chip is being used, then they aren’t of the size and type described and they’ll be hidden in plain sight looking like normal chips, probably with government orders which force companies not to talk about them.

That might be possible from the NSA if (and only if) the government forces companies to insert these devices; that doesn’t apply to China, which is why I don’t believe the Chinese could do this.

That is in a way why Huawei have been banned from various government contracts in Australia, because the government are concerned that the Chinese government have either inserted these chips or software to do similar things.

But again it requires government support, China can’t do that with Apple or with Google.

But the NSA could silence Apple et al if they were “attacked” in the name of national security… (I’m guessing :slight_smile: )

True but that doesn’t get around the ‘grain of rice’ size issue.

If there had been claims that existing chips had been replaced with compromised ones in servers, chips of same size packaging then maybe… but ‘grain of rice’.

To me that aspect sounded pretty odd as well - if nothing else - how would something like that be interfaced with the board after its manufacture? Unless it was actually added during the manufacture stage.

The story was that the vendor had no knowledge. The NSA was intercepting the delivery chain between vendor and distributor or customer. I have an interesting experience where I noticed something odd the day after the story broke. Not sure I should talk too much about it though.

Why not? It’s not as if the [redacted] are monitoring this website, or [redacted] even give a [redacted] about what anyone here might [redacted].

:innocent:


Oh well, why not?

I’d read the article about the NSA redirecting delivery trucks and implanting servers, either one evening or early one morning.

We’d received two servers from a well known networking company who had started selling servers. First one installed and run up, all good. The second one reported different CPU types, more RAM and less HDD space than expected. Scratching my head, I checked the box the server came in and all the stickers on the outside had the correct serial numbers and specs as expected. The physical box had a different serial number.

When talking to our vendor, they got quite confused as to how the wrong server could end up in the wrong box. They were quite shocked when I sent them links to the article. They agreed to an RMA.

I’ve always wondered if this had been just a weird coincidence, or I got an implanted server and some despot got a clean one.
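The box-versus-chassis comparison described in the post above, as an added example that is not part of the original thread: a small receiving check that looks up the serial printed on each shipping box in the purchase manifest and compares the manifest entry against what the powered-on machine itself reports (chassis serial, CPU model, RAM, disk). The manifest, the delivery records and the field names are constructed sample data and assumptions, not anything from the poster's environment.

```python
"""Receiving check for delivered servers: compare what was ordered (and what
the box label claims) against what the machine itself reports once powered on.

Added example, not code from the forum post above. Every manifest entry and
delivery record below is constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ServerSpec:
    serial: str   # chassis serial number (assumed field name)
    cpu: str      # CPU model string as the vendor lists it
    ram_gb: int   # installed memory in GiB
    disk_gb: int  # total raw disk capacity in GB


@dataclass(frozen=True)
class Received:
    label_serial: str    # serial printed on the shipping box
    reported: ServerSpec # what the machine reports after being run up


def normalize_cpu(model: str) -> str:
    """Collapse case and whitespace so cosmetic label differences don't alarm."""
    return " ".join(model.lower().split())


def compare_server(expected: ServerSpec, observed: ServerSpec,
                   disk_tolerance: float = 0.05) -> list[str]:
    """Return human-readable mismatches between the expected and observed spec.

    Serial, CPU model and RAM must match exactly; disk capacity may differ by
    up to `disk_tolerance` of the expected size because vendors round GB and
    GiB differently. An empty list means the machine matches its box.
    """
    problems = []
    if expected.serial != observed.serial:
        problems.append(f"serial: box says {expected.serial}, chassis reports {observed.serial}")
    if normalize_cpu(expected.cpu) != normalize_cpu(observed.cpu):
        problems.append(f"cpu: expected {expected.cpu!r}, found {observed.cpu!r}")
    if expected.ram_gb != observed.ram_gb:
        problems.append(f"ram: expected {expected.ram_gb} GiB, found {observed.ram_gb} GiB")
    if abs(expected.disk_gb - observed.disk_gb) > disk_tolerance * expected.disk_gb:
        problems.append(f"disk: expected {expected.disk_gb} GB, found {observed.disk_gb} GB")
    return problems


def check_delivery(manifest: dict[str, ServerSpec],
                   delivery: list[Received]) -> dict[str, list[str]]:
    """Check every received box against the manifest, keyed by the box label.

    A box whose label serial is not on the manifest at all is flagged on its
    own, since the machine inside cannot be compared against anything.
    """
    report = {}
    for item in delivery:
        expected = manifest.get(item.label_serial)
        if expected is None:
            report[item.label_serial] = ["label: serial not on purchase manifest"]
        else:
            report[item.label_serial] = compare_server(expected, item.reported)
    return report


# Constructed sample data: two servers ordered, two boxes delivered.
SAMPLE_MANIFEST = {
    "SRV-0001": ServerSpec("SRV-0001", "Xeon Silver 4110", 64, 1920),
    "SRV-0002": ServerSpec("SRV-0002", "Xeon Silver 4110", 64, 1920),
}

SAMPLE_DELIVERY = [
    # First box: label and chassis agree on everything.
    Received("SRV-0001", ServerSpec("SRV-0001", "xeon  silver 4110", 64, 1920)),
    # Second box: correct sticker, but the machine inside is a different one
    # (different serial and CPU, more RAM, less disk), as in the post.
    Received("SRV-0002", ServerSpec("SRV-7731", "Xeon Gold 6130", 128, 960)),
]


if __name__ == "__main__":
    for label, problems in check_delivery(SAMPLE_MANIFEST, SAMPLE_DELIVERY).items():
        status = "OK" if not problems else "MISMATCH"
        print(f"{label}: {status}")
        for line in problems:
            print(f"  - {line}")
```

The point of keying on the box label rather than the chassis serial is the case the post describes: the paperwork and stickers were all correct, and only the machine inside disagreed, so a check that trusts the chassis serial would silently compare the wrong manifest entry. Anything flagged here is a reason to hold the unit and raise it with the vendor, not proof of tampering; a mis-picked order produces the same report.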