It seemed incredible to me that they talked about these tiny little components being added to systems that allowed the evildoer to take complete control of the system. How exactly is something with 2 connections to the motherboard going to exert dramatic influence over a CPU with 1000+ connections to the rest of the system? Some 48-56 physical address lines, 64 data lines, etc., all being manipulated by the magic rice grain? I don't think so.
All you need to do is reflash the BMC firmware. You can do that over a SPI bus, which only requires three lines (3 SPI lines + Vcc + Vss = 5 pins, just like the part...). You don't even have to rewrite the whole firmware, just patch the one section of code that does logins and then update the checksum if there is one. The firmware that is flashed in the factory is likely pulled from read-only media and then checked against it. If you slip this implant in, you can just have the good firmware patched X hours after first turning on. Best case, you inject your patch into the BMC firmware before anyone can update to the latest version that doesn't work with your patch. The adversary can then push an update to the BMC again to something that can block new, good updates from killing the backdoor. Worst case, the user updates the firmware before the exploit is run. This patch corrupts the good, new firmware and the user has to reflash it. The BMC keeps corrupting, so they RMA the old server and get a new one; maybe this one has an implant that will patch before the user can apply a good update.
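The comment above notes that a patched image only needs its checksum fixed up to pass the firmware's own consistency check. That is exactly why an embedded checksum is not evidence of authenticity: it only proves the image agrees with itself. The script below is an added example, not from this thread or from any BMC vendor; it uses a constructed toy image format (magic, 32-bit additive checksum, payload) that is an assumption for illustration, and a reference SHA-256 digest that a defender would record from a trusted out-of-band source such as a vendor bulletin or signed manifest. It shows that a modified image still passes the internal check while failing the out-of-band comparison, which is the check a firmware-integrity audit should actually rely on.

```python
import hashlib
import hmac
import struct

# Constructed toy firmware layout (an assumption for this example, not a real BMC format):
#   bytes 0..3 : 4-byte magic
#   bytes 4..7 : little-endian additive checksum over everything after byte 7
#   bytes 8..  : payload ("code")
MAGIC = b"BMC!"
CHECKSUM_OFFSET = 4
PAYLOAD_OFFSET = 8


def additive_checksum(data: bytes) -> int:
    """32-bit sum-of-bytes checksum, the kind an image may carry internally."""
    return sum(data) & 0xFFFFFFFF


def build_image(payload: bytes) -> bytes:
    """Assemble a toy image whose embedded checksum is valid (constructed sample)."""
    return MAGIC + struct.pack("<I", additive_checksum(payload)) + payload


def embedded_checksum_ok(image: bytes) -> bool:
    """Check only what the image says about itself: magic and internal checksum."""
    if len(image) < PAYLOAD_OFFSET or image[:4] != MAGIC:
        return False
    (stored,) = struct.unpack_from("<I", image, CHECKSUM_OFFSET)
    return stored == additive_checksum(image[PAYLOAD_OFFSET:])


def sha256_hex(image: bytes) -> str:
    """Digest of the whole image as it was read back from flash."""
    return hashlib.sha256(image).hexdigest()


def matches_known_good(image: bytes, known_good_sha256: str) -> bool:
    """Compare against a digest obtained out-of-band (vendor bulletin, signed
    manifest), using a constant-time comparison."""
    return hmac.compare_digest(sha256_hex(image), known_good_sha256)


def modified_copy(image: bytes, offset: int, new_byte: int) -> bytes:
    """Test fixture for the demonstration: a copy with one payload byte changed
    and the embedded checksum recomputed, so the image is still self-consistent."""
    payload = bytearray(image[PAYLOAD_OFFSET:])
    payload[offset] = new_byte
    return build_image(bytes(payload))


def demo() -> dict:
    """Run both checks over a genuine image and a self-consistent modified one."""
    genuine = build_image(b"login_handler: compare password, deny on mismatch")
    reference = sha256_hex(genuine)  # in practice recorded from a trusted source
    altered = modified_copy(genuine, 0, ord("L"))
    return {
        "genuine_embedded_ok": embedded_checksum_ok(genuine),
        "genuine_known_good": matches_known_good(genuine, reference),
        "altered_embedded_ok": embedded_checksum_ok(altered),
        "altered_known_good": matches_known_good(altered, reference),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Run it and the altered image reports `altered_embedded_ok: True` but `altered_known_good: False`. The practical lesson is that a dump of the BMC flash should be compared against a reference digest or signature held outside the device, not validated by the checksum the image carries, and the reference itself should come from a signed or otherwise authenticated channel.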
And who were their sources again that confirmed that these companies were affected, when the companies themselves and now multiple intelligence agencies say they weren't?
There was a popular story a few days ago explaining how this could have worked. You're not trying to override "1000+ connections," you're trying to influence how the system boots. If you can force the system to load a bootloader from the network instead of from ROM, you can make it do all sorts of things.