Anons awake?
Once 'government authorities' were notified about the chips there are three possibilities: 1/ it was not news because we put the chips there 2/ It was news but we took our sweet time telling anyone or 3/ it was news but we slow-walked a fix because it was a nifty capability for domestic spying.
Do spy agencies always report zero days they discover? Why not?
This was the MOTHER OF ALL ZERO DAYS. Speculation: what if the situation was 'spun' but kept secret
I'm quite surprised all discussion about the 'CIA' exploiting the chip gets shut down with 'do you have any evidence they put it there'. Did they have to? What's good for the bad guys is good for the good guys and vice versa – that's why security holes are bad in principle. But good news if you are a spy.
And what is implied if they did have knowledge and exploits? Could they have spied on the Trump campaign using that capability? It sounds awfully like the news stories about monitored meetings of Russians at embassies and the like.
Does the chip have to show up only on Supermicro boards? Is the interface exploited in any way standardised?
Remember the 'magic' in the Presidential Daily Briefings that the incoming team was not suposed to know about because the outgoing administration didn't want to lose access.
Was the 'Presidential Alert' related? I don't know. Interesting comment from the story at Schneier.com
https://www.schneier.com/blog/archives/2018/10/conspiracy_theo_2.html
>The Wireless Emergency Alert (WEA) system (formerly known as CMAS, or Commercial Mobile Alert system) is an extension of the old Emergency Alert System (EAS). EAS, in turn, was an update of the old Emergency Broadcast System, which itself had its origins in CONELRAD. Under EAS, Emergency Action Notifications (EANs) are intended to be used only by the president to address the nation in an emergency (e.g., impending nuclear ICBM strike) if all else fails.
>The WARN Act of 2006 (https://www.congress.gov/bill/109th-congress/house-bill/5785/text), which established WEA and IPAWS (the Internet system used to disseminate these alerts), has a provision in it which states, "Any licensee electing to participate in the transmission of National Alert System alerts may offer subscribers the capability of preventing the subscriber’s device from receiving alerts broadcast by the system other than an alert issued by the President."
>The FCC regulations (https://www.federalregister.gov/documents/2008/07/24/E8-16853/commercial-mobile-alert-system) implementing the WARN Act establish three levels of alerts: Presidential, Imminent Threat, and Child Abduction/AMBER. The message type is encoded as a few bits – there was no option for FEMA to call it anything other than a "Presidential Alert" if they wanted to test that functionality.
>As for an "E911 chip," it is probably true that back in the day some phones had an extra GPS chip to enable E911. But now that GPS is a ubiquitous feature of smartphones, there's no extra "E911 chip." The cellular network can query your location using RRLP (https://en.wikipedia.org/wiki/Radio_resource_location_services_protocol), LPP, or SUPL (see http://www.rohde-schwarz-wireless.com/documents/LTELBSWhitePaper_RohdeSchwarz.pdf for details). However, this has nothing to do with how these emergency alerts are broadcast. In LTE, they are sent as a dedicated System Information Block (other SIBs include things like the network and cell identify, network configuration parameters, etc.) In GSM, they are sent over the Cell Broadcast Channel. In either case, it's a limited broadcast channel. You do not even have to be attached to the network to receive these alerts.
Also, remember that E911 gateways (at the cell tower) run software provided by the 'Israeli' firm Amdocs, at least they did nigh on 20 years ago when first introduced. CLECs (WLECs) used to have to interface with it, back in the day, to comply with E911.