Super Micro motherboards used by Apple, Amazon contained Chinese spy chips

Andrew Cummings
October 4, 2018

The Chinese military surreptitiously inserted tiny microchips no larger than single grains of rice into servers on local assembly lines in order to gain access to data networks run by US government agencies ranging from the Department of Defense to the Central Intelligence Agency, according to an explosive investigation from Bloomberg.

Amazon, Apple and Super Micro have all denied Bloomberg's report. "Over the course of the past year, Bloomberg has contacted us multiple times with claims.of an alleged security incident at Apple", the company said in an emailed statement to Bloomberg.

On Thursday, Bloomberg reported that the company at the heart of the matter is Super Micro Computer, also known as Supermicro, which is one of the largest suppliers of server hardware, workstations, storage, and GPU systems worldwide.

Elemental servers assembled by Supermicro are "found in Department of Defense data centers, the CIA's drone operations, and the onboard networks of Navy warships", per Bloomberg, and the revelation prompted DoD officials at the time to request a small group of technologists "to think about creating commercial products that could detect hardware implants".

Supermicro itself is not implicated and disputes the Bloomberg report.

In its lengthy statement, Amazon said: "We've found no evidence to support claims of malicious chips or hardware modifications".

"We remain unaware of any such investigation", said Super Micro. The report alleges that the tiny chips, disguised to look like other components or even sandwiched into the fiberglass of the motherboards themselves, were connected to the management processor, giving them far-reaching access to both networking and system memory.

Apple and Amazon reportedly have denied assertions that their data center equipment had Chinese surveillance microchips inserted during the manufacturing process.

Apple and Amazon have distanced themselves from claims that they were among USA companies targeted by the Chinese hackers.

Amazon subsidiary Amazon Web Services, which provides on-demand cloud computing platforms, was described in the Bloomberg story as having known about the malicious chips and working with the FBI to investigate the matter. "We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg's story relating to Apple". "Apple never had any contact with the Federal Bureau of Investigation or any other agency about such an incident". In a statement to CNBC, Apple said it found a single infected driver on one Super Micro server in a lab, calling it a one-time event.

Bloomberg says its report is a result of information from 17 people, including six current and former senior national security officials, two from Amazon Web Services, and three Apple insiders. Bloomberg further reports that the attack was made by a unit of the People's Liberation Army, the Chinese military.

Other reports by iNewsToday