Apple denies its server hardware was infected by Chinese spy chips

Fredrick Soto
October 5, 2018

However, it is also completely possible that the Bloomberg report is wrong or at least not completely factually correct.

"Seventeen individual sources, including government officials and insiders at the companies, confirmed the manipulation of hardware and other elements of the attacks", Bloomberg said in a statement. We stand by our story and are confident in our reporting and sources.

These chips, which Bloomberg says have been the subject of an ongoing top-secret United States government investigation since in 2015, were used for gathering intellectual property and trade secrets from American companies and may have been introduced by a Chinese server company called Super Micro, which assembled machines for Elemental Technologies. The operation is thought to have been targeting valuable commercial secrets and government networks, the news agency said.

The servers had been compromised during manufacturing and the chips activated once they were up and running, it said.

Amazon subsidiary Amazon Web Services, which provides on-demand cloud computing platforms, was described in the Bloomberg story as having known about the malicious chips and working with the FBI to investigate the matter.

"We remain unaware of any such investigation", a Super Micro representative says in response to the claims.

"We are not aware of any customer dropping Super Micro as a supplier for this type of issue".

A third-party security testing firm hired by Amazon found the chips on servers from a company called Elemental Technologies, which Amazon acquired to bolster its streaming video business, according to the report. None of those servers have ever been found to hold malicious chips.

Supermicro reportedly assembled server motherboards for the startup and after forensic examination, it was found that tiny chips embedded in the board were not part of the original design. The 2015 incident reportedly sparked an ongoing, top-secret federal investigation, which so far has revealed "the chips allowed the attackers to create a stealth doorway into any network that included the altered machines", Businessweek reports.

AWS told Bloomberg it had reviewed its records related to the Elemental acquisition and "found no evidence to support claims of malicious chips or hardware modifications". San Jose, California-based Super Micro said it strongly denies reports that servers it sold to customers contained malicious microchips in the motherboards of those systems.

Apple was one of the victims of the apparent breach, according to Bloomberg.

The report comes amid increased concerns that foreign intelligence agencies infiltrating U.S. and other companies via so-called "supply chain attacks", particularly from China where multiple global tech firms outsource their manufacturing.

"Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs", Apple said of the Bloomberg report.

Other reports by

Discuss This Article