Semiwiki on LinkedIn Semiwiki on Facebook Semiwiki on Twitter Register / Log in 
Array
(
    [content] => 
    [params] => Array
        (
            [0] => /forum/threads/computer-virus-cripples-iphone-chipmaker-tsmc-plants.10654/
        )

    [addOns] => Array
        (
            [DL6/MLTP] => 13
            [Hampel/TimeZoneDebug] => 1000070
            [SV/ChangePostDate] => 2010200
            [SemiWiki/Newsletter] => 1000010
            [SemiWiki/WPMenu] => 1000010
            [SemiWiki/XPressExtend] => 1000010
            [ThemeHouse/XLink] => 1000970
            [ThemeHouse/XPress] => 1010570
            [XF] => 2021770
            [XFI] => 1050270
        )

    [wordpress] => /var/www/html
)

Computer Virus Cripples IPhone Chipmaker TSMC Plants

Daniel Nenni

Daniel Nenni

Admin
Staff member
Interesting but not surprising now that semiconductors have become the lifeblood of modern life. I'm sure we will hear more soon but I would be interested in other experiences with viruses and semiconductor manufacturing. Anyone? The equipment manufacturers should be shaking in their profit boots, absolutely. My guess would be China or Korea, they have the most to gain? Maybe a disgruntled worker? Stupid headline by the way.

Computer Virus Cripples IPhone Chipmaker TSMC Plants

“TSMC has been attacked by viruses before, but this is the first time a virus attack has affected our production lines,” Chief Financial Officer Lora Ho told Bloomberg News by phone. She wouldn’t talk about how much revenue it would lose as a result of the disruption, or whether the facilities affected were involved in making iPhone chips. “Certain factories returned to normal in a short period of time, and we expect the others will return to normal in one day,” the company said in its Saturday statement.


 
Last edited:
Odd, if it wasn't a hacker then how about an employee or a contractor with an infected Laptop, Tablet or even Smart Phone connected to the network?
 
Internal IT incompetence is likely. Considering my experience with their website (I have never been inside), I can envision even trivial viruses or cryptoware taking over very easily.
 
[table] border="0" cellspacing="0" cellpadding="0" width="100%" style="width: 100%"
|-
| align="left" valign="top" style="font-family: Arial, Helvetica, sans-serif; font-size: 20px; line-height: 28px; color: rgb(245, 0, 0); padding: 15px 0px 0px" | TSMC Details Impact of Computer Virus Incident
|-
| align="left" valign="top" style="font-family: Arial, Helvetica, sans-serif; font-size: 11px; line-height: 15px; color: rgb(153, 153, 153); padding: 12px 0px" | Issued by: TSMC
Issued on: 2018/08/05
|-
| align="left" valign="top" style="font-family: Arial, Helvetica, sans-serif; font-size: 12px; line-height: 18px; color: rgb(68, 68, 68)" |
Hsinchu, Taiwan, R.O.C., Aug 5, 2018 – TSMC today provided an update on the Company’s computer virus outbreak on the evening of August 3, which affected a number of computer systems and fab tools in Taiwan. The degree of infection varied by fab. TSMC contained the problem and found a solution. As of 14:00 Taiwan time, about 80% of the company’s impacted tools have been recovered, and the Company expects full recovery on August 6.

TSMC expects this incident to cause shipment delays and additional costs. We estimate the impact to third quarter revenue to be about three percent, and impact to gross margin to be about one percentage point. The Company is confident shipments delayed in third quarter will be recovered in the fourth quarter 2018, and maintains its forecast of high single-digit revenue growth for 2018 in U.S. dollars given on July 19, 2018.

Most of TSMC’s customers have been notified of this event, and the Company is working closely with customers on their wafer delivery schedule. The details will be communicated with each customer individually over the next few days.

This virus outbreak occurred due to misoperation during the software installation process for a new tool, which caused a virus to spread once the tool was connected to the Company’s computer network. Data integrity and confidential information was not compromised. TSMC has taken actions to close this security gap and further strengthen security measures.
|-
[/table]
 
Securing the supply chain is essential. You can see a cloud approach to this with the Cerberus work on OCP, but the same kind of diligence has to be much more widespread. Also look at Sphere - only implemented in one SOC at the moment, but an in-depth and portable approach.
 
The real question is who is behind this attack, what is its true purpose and goal and how it will be handled. With the political power and resources of TSM and its key customers, TSM will get to the bottom of this. They will find their target and I would not want to be in their place.
 
Reasons for TSM Attack

It will come out who is behind the cyber attack on TSM or if it is just a random virus, which I doubt. If it is found to be a random attack, its someone that is so far in over their head, they will be getting a lesson in real power that they don't have a clue about. If it is a deliberate targeted attack the company or nation state that launched it has opened up a mess for themselves and all around them. We are just seeing the very first chapter of this play out. There is also the possibility of a confidential deal being reached, but the price of this would be staggeringly high to the point their might not be a way to keep it confidential in the long term.
How ever this plays out, TSM and their partners will be far tougher and more dangerous target in the future. If it is a nation state behind it and they are exposed, the repercussions will be staggering. I hope something very positive comes out of this where all come together for their mutual benefit and a better future. We are entering a whole new world and let's all try to make it better than the one we are leaving behind, wisdom, intelligence required and careful thought required. This should be a learning experience for a better future.

Comments, thoughts, ideas and solutions solicited and wanted
 
Last edited:
I like how analysts and the media are running away with this:

Mark Li, an analyst at Sanford C. Bernstein, said he thinks all of TSMC’s 12-inch wafer fabrication plants had been infected and that many customers had been affected, though the impact will be “very limited” because the company can make up for the losses during the busiest holiday quarter. TSMC makes Apple chips in its 12-inch fabrication plants.

He thinks? What an irresponsible thing to say. I'm guessing he recommended his clients short TSMC before saying this.

“Long-term, TSMC’s trustworthy image is somewhat tainted but it is hard to quantify the effect now,” Li wrote in a research note Monday

Complete and utter nonsense!

No hacker targeted TSMC, CC Wei said, explaining that the infected production tool was provided by an unidentified vendor. The company is overhauling its procedures after encountering a virus more complex than initially thought, he said. “We are surprised and shocked,” Wei told reporters. “We have installed tens of thousands of tools before, and this is the first time this happened.”

That "unidentified" vendor will pay dearly for this, absolutely.
 
I work for a company that is attacked constantly and has to invest heavily in defense. I am sure TSMC is also a high value target. The real surprise here is how easily the attack spread. But also, that could not be a sophisticated attacker, they would not have tipped their hand. So one concludes they were vulnerable to the spread of something amateur.

Now what should have happened is that anything amateur could not escape the tool it infected when the tool was installed. If that did not happen, then what must already be infecting them from serious hackers who probably see the entry as child's play? This event is disturbing.
 
Dan, even though it looks random, it may not be. This is more a strategic question than a technical one. This could be a multi prong attack where several devices are carrying the needed attack code and the attacker hopes one will get through. I have been around many extremely brilliant strategist and it's literally a field to itself. As outsiders we will probably never know all the details and TSM shouldn't release them for this just gives the attacker more data to work with on any target. Strategist are a breed unto themselves, that I have studied for years. The very best are the ones you don't know about and never will. They can be on both sides, good and bad or even agnostic. Some of the very best have developed on their own without outside training and one of my friends that is a technologist and was a professional paid white hat found some that are utterly brilliant and know how to not only think outside the box, but don't even have a concept of what a box is. They are so far out there, others don't even have a concept. I'm sure TSM is smart enough to get to the true bottom of this, but will probably have to go outside to find it. I hope they do, they are one of my large positions. An ounce of strategy can easily be stronger than a ton of brain power, they are different animals entirely and I do know. I find them amazing.

I figured out how to penetrate one of the highest security installations on the planet and went head to head with two of their very top people and given legal orders binding me to confidentiality and I just had field tech experience at the time.
 
Last edited:
Given that the virus is claimed to be wanna cry; the most likely issue was this:
The tool vendor configured the tool control computer in their internal network which was fire walled, but bridged to the outside network. Their master copy of the OS was infected; but since it could see the killswitch server (see wikipedia page on wannacry) it was inactive and not detected.
Once the tool was moved to TSMC and installed in their air-gapped network, the virus could no longer see the killswitch server and became active again.
 
You must log in or register to reply here.
Back
Top