- A previous report claims that Apple and Amazon were aware of China implanting tiny chips in their servers since 2015.
- The report on Supermicro’s hardware manipulation was confirmed by information provided by 17 anonymous sources.
A recent report claimed that the Chinese government has been spying on over 30 US tech giants. China allegedly implanted tiny chips, the size of a grain of rice, on motherboards used by Supermicro servers, which eventually made its way inside the IT infrastructure of major US firms like Amazon and Apple.
The Bloomberg report stated that the primary goal of the attack was to gain an easy entry point into a company’s system, to grab potentially confidential and proprietary information.In its report, Bloomberg claimed that both Apple and Amazon were aware of the implantation of chips in Supermicro motherboards since 2015.
However, Amazon, Apple, and Supermicro have all vehemently denied all allegations of any breach. More recently US and UK intelligence agencies joined the companies in dismissing the allegations of China having orchestrated an elaborate cyberespionage campaign.
DHS and GCHQ back Amazon and Apple’s denials
In a statement released on its website, the US Department of Homeland Security (DHS) made it loud and clear that it is convinced by Amazon and Apple’s detailed assessment reports into the matter.
“The Department of Homeland Security is aware of the media reports of a technology supply chain compromise. Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story,” said the agency.
Amazon denies the allegation
Bloomberg’s report claimed that Amazon found the malicious chips while examining servers manufactured by a start-up called Elemental technologies in 2015. However, the tech giant recently dismissed the claims and called the report “untrue”.
“At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government,” Amazon said in a press release. “There are so many inaccuracies in this article as it relates to Amazon that they’re hard to count.”
The firm explained that it conducted a thorough review before acquiring the servers manufactured by Elemental technologies, adding that it never found a malicious hardware or chip during the audit.
“Amazon employs stringent security standards across our supply chain – investigating all hardware and software prior to going into production and performing regular security audits internally and with our supply chain partners. We further strengthen our security posture by implementing our own hardware designs for critical components such as processors, servers, storage systems, and networking equipment,” Amazon added.
Apple refutes chip hack report
Bloomberg had also reported that Apple was using a total of 7,000 Supermicro servers, which were also likely compromised. However, Apple too, denied all allegations.
“On this, we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” Apple said. “In response to Bloomberg’s latest version of the narrative, we present the following facts: Siri and Topsy never shared servers; Siri has never been deployed on servers sold to us by Super Micro; and Topsy data was limited to approximately 2,000 Super Micro servers, not 7,000. None of those servers have ever been found to hold malicious chips.”
Bloomberg’s report is allegedly based on information provided by 17 anonymous sources. However, the emphatic denials of the tech giants and the support of the intelligence agencies cast a shadow of doubt about the scale of the attack.