Bloomberg’s latest: the hack was in the Ethernet connector. Plausible?

You've by now seen the most recent Bloomberg article suggesting that a "major US telecom" has equipment (again made by SuperMicro) with modifications, this time to the Ethernet interface. Is this plausible? [I have no information on the story or whether it occurred; I'm merely discussing the plausibility.]

In a word, yes. First, although the image shows copper (an RJ45 connector), many telecom servers are wired using fibre. So let's take a look at a 'smart SFP'. What's an SFP, you ask? It's a 'Small Form-Factor Pluggable Transceiver'. In a word, it's your Ethernet jack. And there are indeed companies that make very small hardware that goes inside one and allows capturing traffic and sending it to a remote site (or injecting traffic).

You can see some more information on a type of smart SFP by looking at the Rad MiNID. And there are other manufacturers out there, e.g. Viavi (JDSU).

So, hypothetically, if someone wandered into a room full of telecom servers, they could insert one of these smart SFPs and it would not be easily spotted. That smart SFP could indeed capture and/or interact with the traffic in that room, from far away.

Now, if the interface were indeed copper, it's a bit trickier. Adding a second set of transceiver logic, a bridge, etc. would take more real estate. Doable, I guess. A device like this 'packet squirrel' could also be used.
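One defender-side check that follows from the above, added here as an example and not part of the original post: every SFP carries an identity block in its SFF-8472 A0h EEPROM (vendor name, part number, serial, date code), so the modules actually seated in a rack can be decoded and compared against the port inventory to flag a module nobody recorded. The EEPROM layout offsets are taken from the SFF-8472 spec; the sample dumps, port names and inventory are constructed for the example.

```python
"""Decode the identity fields of an SFP's SFF-8472 A0h page and compare the
modules seen on each port with an inventory of expected (part, serial) pairs.
A real dump comes from the host, e.g. `ethtool -m ethX raw on hex on`; the
data below is constructed."""

# Byte ranges in the A0h page (start inclusive, end exclusive), per SFF-8472.
FIELDS = {
    "vendor_name": (20, 36),   # 16 ASCII bytes, space padded
    "vendor_oui": (37, 40),    # 3 bytes, IEEE OUI of the vendor
    "vendor_pn": (40, 56),     # 16 ASCII bytes
    "vendor_rev": (56, 60),    # 4 ASCII bytes
    "vendor_sn": (68, 84),     # 16 ASCII bytes
    "date_code": (84, 92),     # 8 ASCII bytes, YYMMDD plus lot
}

def parse_sfp_a0(page: bytes) -> dict:
    """Return the decoded identity fields of an A0h page (at least 96 bytes)."""
    if len(page) < 96:
        raise ValueError("A0h page must be at least 96 bytes")
    if page[0] != 0x03:  # SFF-8024 identifier 0x03 = SFP/SFP+/SFP28
        raise ValueError(f"unexpected identifier byte 0x{page[0]:02x}")
    out = {}
    for name, (start, end) in FIELDS.items():
        raw = page[start:end]
        out[name] = raw.hex() if name == "vendor_oui" else \
            raw.decode("ascii", errors="replace").strip()
    return out

def build_sample(vendor: str, pn: str, sn: str) -> bytes:
    """Construct a minimal A0h page for the example (values <= 16 chars)."""
    page = bytearray(96)
    page[0] = 0x03
    page[20:36] = vendor.encode().ljust(16)
    page[37:40] = bytes.fromhex("0090ab")      # constructed OUI
    page[40:56] = pn.encode().ljust(16)
    page[56:60] = b"A   "
    page[68:84] = sn.encode().ljust(16)
    page[84:92] = b"18100100"                  # constructed date code
    return bytes(page)

def audit_ports(dumps: dict, inventory: dict) -> list:
    """Compare each port's module with inventory[port] == (vendor_pn, vendor_sn).
    Returns (port, reason, decoded_fields) tuples for anything unexpected."""
    findings = []
    for port, page in dumps.items():
        seen = parse_sfp_a0(page)
        expected = inventory.get(port)
        if expected is None:
            findings.append((port, "module present on unrecorded port", seen))
        elif (seen["vendor_pn"], seen["vendor_sn"]) != expected:
            findings.append((port, "module differs from inventory", seen))
    return findings
```

A module whose EEPROM copies a legitimate part and serial will pass this check, so treat a clean result as one data point alongside physical inspection and optical power readings rather than proof that no implant is present.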

One comment on “Bloomberg’s latest: the hack was in the Ethernet connector. Plausible?”
  1. Jayme Snyder says:

    I once worked in an environment where an IPv6 broadcast was enough to change the behaviour of handling all future fragmented packets badly on every network adapter of the same vendor in the same layer 2 domain until the card was rebooted. I then learned more than I wanted to about the firmware of most converged network adapters. Turns out many are far more powerful and flexible than they need to be for basic IP networking… The same is true about the controllers on your hard disk and in your USB flash drive. You can even buy a fancy nondescript USB cable that runs BadUSB, emulating a keyboard on demand while passing through the device connecting to it – it also has built-in Bluetooth (read up on USB Ninja). That said, there are so many other things to attack which can more easily connect you to other networks or better exfiltrate information. You might just be getting scared into buying 100x overpriced re-badged Finisar SFPs from your favorite equipment vendor; if one can install and retrieve data from a malicious SFP, a passive optical tap is probably an equal, more economical threat.
