Both Apple and Amazon have denounced a report by Bloomberg claiming Chinese intelligence managed to compromise them via a tiny malicious microchip fixed to
Both Apple and Amazon have denounced a report by Bloomberg claiming Chinese intelligence managed to compromise them via a tiny malicious microchip fixed to server motherboards. The report was published today, citing both “government and corporate sources,” followed by statements from both companies. The chips were allegedly implanted on the server hardware at factories in China where the products were manufactured.
Simply put, Bloomberg ‘s report claims Chinese spies were able to implant microchips about the size of a grain of rice onto motherboards ultimately used in Elemental servers assembled by Super Micro Computer. The illicit addition was allegedly discovered during a security audit in Canada.
A compromise of this nature, if true, would be severe and unprecedented. Elemental’s servers were in use by both American companies and government agencies, including the Department of Defense and CIA. The discovery of this alleged vulnerability is said to have triggered a top secret investigation in 2015 that remains ongoing to this day.
The report cites a pair of officials claiming the chips were implanted by the People’s Liberation Army as a way to introduce a backdoor into networks utilizing the servers. Yet another official is cited as claiming that nearly 30 companies, among them being Apple and Amazon, were impacted by this alleged security breach.
Both Amazon and Apple have separately published statements today countering Bloomberg ‘s report, claiming it is inaccurate and that neither company has found evidence of these alleged hardware breaches.
“There are so many inaccuracies in this article as it relates to Amazon that they’re hard to count,” the Seattle-based company said in its own statement.
Apple has similarly strong things to say, revealing that it had spoken with Bloomberg editors and reporters multiple times over the past 12 months about this alleged incident. The company explains that it conducted “rigorous internal investigations” each time it was contacted by the publication, and that it never found anything substantiating the claims.
Apple also challenges some of the statements presented in the “latest version of the narrative,” denouncing class that Siri and Topsy shared servers, for example. The company explains that it inspects servers for potential vulnerabilities, as well as updating firmware and software, being putting them into production.
The company speculates as to what may have prompted aspects of the report, saying:
SOURCE: Apple, Amazon, Bloomberg
