Apple, Amazon deny report on Chinese hardware attack through ‘Supermicro’ chip

Gladys Abbott
October 4, 2018

Chinese hackers have reportedly implanted spying microchips in servers used by numerous data centers of such US corporate giants as Apple and Amazon, Bloomberg reported Thursday. The lengthy statement can be found here (published separately from the original report), along with statements from Amazon, Super Micro and China's Ministry of Foreign Affairs, which are also named in the story. Not part of the motherboards' original design, the malicious chips are believed to have been implanted at factories run by Chinese manufacturing subcontractors and created to offer "long-term access to high-value corporate secrets and sensitive government networks".

A three-year investigation by US government officials found that servers assembled for startup Elemental Technologies by San Jose-based company Supermicro reportedly contained tiny microchips "inserted at factories run by manufacturing subcontractors in China", Bloomberg reported.

This discovery was reportedly forwarded to USA authorities as the same servers were being used by the Department of Defense, CIA, and the USA military.

Apple says its "deeply disappointed" in Bloomberg.

Amazon, meanwhile, "found no evidence to support claims of malicious chips or hardware modifications", the company said. The report alleges that the tiny chips, disguised to look like other components or even sandwiched into the fiberglass of the motherboards themselves, were connected to the management processor, giving them far-reaching access to both networking and system memory. But it said a top-secret US government investigation, dating from 2015 and involving the FBI, remains open.

That just leaves Bloomberg, which claims the issue was first discovered by Apple in May, 2015 and quietly reported to the Federal Bureau of Investigation. "Apple never had any contact with the Federal Bureau of Investigation or any other agency about such an incident".

More news: Western nations accuse Russian intelligence of 'brazen' global cybercrimes

In a statement to Bloomberg Businessweek that was also provided to Fox News, Apple said that Bloomberg's reporting is "inaccurate" and the sources in the story might be "wrong or misinformed".

Amazon responded that "at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in Super Micro motherboards in any Elemental or Amazon systems". "That one-time event was determined to be accidental and not a targeted attack against Apple", the company wrote.

Amazon subsidiary Amazon Web Services, which provides on-demand cloud computing platforms, was described in the Bloomberg story as having known about the malicious chips and working with the FBI to investigate the matter.

The Chinese government has also denied the report.

However, Bloomberg says the denials are in direct contrast to the testimony of six current and former national security officials, as well as confirmation by 17 anonymous sources which said the nature of the Supermicro compromise was accurate.

Other reports by LeisureTravelAid

Discuss This Article