I'm not so sure. These BMCs are dumb SoCs like any other (just with specialized ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

formerly_proven on Dec 14, 2021 | parent | context | favorite | on: Dell and HPE switches come with 'American Megatran...

I'm not so sure. These BMCs are dumb SoCs like any other (just with specialized I/O), their firmware comes from an external SPI flash. I doubt there is anything AMI specific at all in these chips. Looks like it's basically a license sticker some worker is putting on these boards after they're all assembled and tested. I can see how these stickers are there, maybe for contractual/legal reasons, without being a critical part of the BMC board BOM (1x roll of "AMI loicense stickers").

xondono on Dec 14, 2021 [–]

These “dumb SoCs” are one of the biggest security holes in a lot of high end equipment.

It would not be the first time someone finds exploitable firmware bugs and vulnerable BMCs through Shodan.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact