CURIOUSER AND CURIOUSER: Security researcher named in China spy chip story voices doubts. “Spreading hardware fear, uncertainty and doubt is entirely in my financial gain, but it doesn’t make sense because there are so many easier ways to do this. There are so many easier hardware ways, there are software, there are firmware approaches. The approach you are describing is not scalable. It’s not logical. It’s not how I would do it. Or how anyone I know would do it.”
Speaking on the Risky Business security podcast, Fitzpatrick voiced his skepticism at the fact that a theoretical proof-of-concept hack he demonstrated at the Black Hat 2016 conference would be exactly the approach reported by the Bloomberg story — despite the fact that there are plenty of other, more straightforward ways of carrying out a hack.
“It was surprising to me that in a scenario where I would describe these things and then he would go and confirm these and 100% of what I described was confirmed by sources,” he said. One of the journalists who wrote the article reportedly said that while it “sounded crazy,” this is exactly what had been reported to them by “lots of sources.”
“I have the expertise to look at the technical details and I have the knowledge to look at the technical details and see that they’re jumbled,” Fitzpatrick said. “They’re not outright wrong, but they are theoretical. I don’t have the knowledge to know the other conversations — the other 17 sources and what they said, but I can infer — based on the technical side of things — that the non-technical side of things may be jumbled the same way.”
It sure would help determine the truth if Bloomberg — or anyone — would provide an actual sample of one of these spy chips.