In an article published by Bloomberg last week, it was alleged that Supermicro servers sold to certain customers contained Chinese grain-of-rice-sized spying chips on its motherboards in 2015. Now, US Homeland Security officials as well as UK spymasters and others have supported denials that Chinese agents were able to smuggle small secret spy chips into Supermicro servers.
In the article Bloomberg stated that Chinese secret agents installed tiny chips the size of a grain of rice on server motherboards built by US-based Supermicro, which were used by companies across the U.S. tech industry including Amazon and Apple.
“As we shared with Bloomberg BusinessWeek multiple times over the last couple months, at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in Supermicro motherboards in any Elemental or Amazon systems,” said Steve Schmidt, Chief Information Security Officer at Amazon Web Services.
Supermicro declared it has never been contacted by any government agencies either domestic or foreign regarding the alleged claims. The enterprise computing, storage, networking solutions and green computing technology vendor would take all security claims very seriously and make continuous investments in the security capabilities of their products, also when it comes to outsourcing server production to (Chinese) subcontractors.
In the article, Bloomberg cited about a dozen anonymous sources saying China’s military intelligence pressured or bribed a Chinese manufacturing subcontractor of Supermicro to include a small secret spy chip in the server vendor’s motherboards. There was a lack of hard data and technical information however to support the Bloomberg story.
“We are deeply disappointed that in their dealings with us, Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed,” stated Apple on CNBC. “Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Supermicro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple.”
U.S. Homeland Security as well as U.K.’s National Cyber Security Center have declared they have ‘no reason to doubt’ statements by Supermicro, Apple, and Amazon denying allegations made in this Bloomberg article.