We revisit the question raised by the Bloomberg article “The Big Hack,” which alleged that printed circuit boards (PCBs) for server motherboards were manipulated by implanting additional chips. These modified PCBs were then supposedly used in cloud computing centers of major companies.

In this talk, we provide a brief overview of the supply chain to understand whether and how an attack utilizing PCB manipulation – such as the one described by Bloomberg – could be carried out. PCB-based attacks occupy a sort of "sweet spot" from an attacker’s perspective, as they are often easier to execute than manipulating chip designs, yet more difficult to detect than crude device tampering attempts.

We present experiments using (non-functional) devices to explore how such manipulations can be detected. Our primary focus is on detection through optical inspection and X-ray imaging. These techniques do not require in-depth knowledge of the functional behavior of a device, and thus have the potential to scale.

In particular, we investigate the feasibility of hiding chip dies within a PCB and under coils. Our findings illustrate that the choice of bond wire material significantly impacts detection probability. Specifically, we demonstrate that aluminum bond wires are best suited for hiding a stealth chip. Finally, we show that the backside of Ball-Grid Array (BGA) packages is particularly well-suited for concealing malicious implants. We illustrate all our findings with optical and X-ray images.

While we cannot assess the truthfulness of Bloomberg's report, our analysis shows that the alleged manipulations are technically feasible and represent a plausible attack vector.