bloomberg[.]com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
This has been a big fear for years, but till now it's only been found [AFAIK] in a couple of cases where small batches of credit card readers have been tampered with somewhere along the line before they reached the US. And some lesser brand cell phones have been found to have malware installed from the factory. It probably makes sense for western governments to be suspect of communications gear from companies like ZTE, though I suspect it's more politics, plus the influence of big, powerful biz interests, behind the US Gov's blacklisting of Huawei, at least with their consumer products -- the EU doesn't have a problem with them, and realistically, how many private citizens store national security data on their cell phones & tablets?
This Bloomberg report alleges that there's proof of what we all knew was possible, and it dates to 2015 -- some server motherboards had [have] an extra chip installed to enable spying. It's extremely difficult to detect -- according to the report, the latest version is thin enough to fit between the layers of the motherboard -- while the 2 companies that found it, Apple and Amazon, both deny everything in Bloomberg's report. So there really is no way for us to know if this hardware-enabled spying is happening, & if it is, how wide spread is it? Could this sort of thing be embedded in whatever you're using to read this? Sure. It could be in your cell phone(s), your TV(s), your network router, possibly in every electronic device you own that connects to a network. The targeted servers were/are more complicated & so more difficult to infiltrate, but they're also higher value targets, making it worth the effort -- consumer oriented tech is less likely to provide info or data that spy agencies would be interested in, but then the cost of adding hardware back doors would be Much less too. In that respect it's like spam -- only a minuscule portion of spam email yields any profit, but then the cost of sending out all of that spam is so low, even the relatively few successes make it worth it.
