Story image

Supermicro to test for spy chips, Apple & AWS call for retraction

23 Oct 18

Following the bombshell allegations released earlier this month, Supermicro has announced it will be conducting a review to prove its innocence.

The allegations in question came from Bloomberg in a comprehensive report that claimed Chinese spies had been infecting Supermicro motherboards destined for some of the world’s biggest companies with malicious chips that were feeding information back to China.

These firms included the likes of Apple and Amazon, both of which immediately jumped on Supermicro’s side of the fence and rubbished the claims.

Apple in particular has been vehemently opposed to the findings within the Bloomberg report. Last week the tech giant sent a public letter to US Congress signed off by Apple Information Security vice president George Stathakopoulos detailing the Bloomberg claims and why they’re nonsense.

“Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. We never alerted the FBI to any security concerns like those described in the article, nor has the FBI ever contacted us about such an investigation,” says Stathakopoulos.

And then in an interview with Buzzfeed News, Tim Cook demanded that the article should be taken down – the first time Apple has ever publically requested a news article to be withdrawn.

“There is no truth in their story about Apple,” Cook says. "They need to do the right thing and retract it."

AWS CEO Andy Jassy later posted a tweet throwing the company’s weight behind Cook and Apple – “Tim Cook is right. Bloomberg story is wrong about Amazon, too. They offered no proof, story kept changing, and showed no interest in our answers unless we could validate their theories. Reporters got played or took liberties. Bloomberg should retract.”

And now despite dismissing the allegations as false, in a letter to customers from Supermicro CEO Charles Liang the company has pledged to conduct a review to prove that its motherboards aren’t infected.

“We are confident that a recent article, alleging a malicious hardware chip was implanted during the manufacturing process of our motherboards, is wrong,” says Liang.

“Despite the lack of any proof that a malicious hardware chip exists, we are undertaking a complicated and time-consuming review to further address the article.”

One of the key points in Liang’s letter was that Bloomberg reporters have failed to produce any kind of hard evidence like a compromised motherboard or a malicious chip to prove their allegations.

Supermicro carries out manufacturing operations via subcontractors in China – where Bloomberg says the motherboards have been infected – and Liang says the company studiously checks every layer of each motherboard as well as its functionality throughout the whole process.

“Specifically our process requires the inspection of the layout and components of every product at the beginning and end of each stage of manufacturing and assembly. Our employees are on site with our assembly contractors throughout the process. These inspections include several automated optical inspections, visual inspections, and other functional inspections,” says Liang.

“We also periodically employ spot checks and x-ray scans of our motherboards along with regular auditors of our contract manufacturers. Our test processes at every step are not only designed to check functionality, but also to check for the integrity and composition of our designs and to alert us to any discrepancies in the base design.”

Liang also asserted the motherboard designs are very complex, making it “practically impossible for anyone to insert a functional, unauthorised component into a motherboard without it being caught by any one, or all, of the checks in our manufacturing and assembly process.”

However, Bloomberg is still standing steadfastly by its report and refuses to back down.

“Bloomberg Businessweek’s investigation is the result of more than a year of reporting, during which we conducted more than 100 interviews. Seventeen individual sources, including government officials and insiders at the companies, confirmed the manipulation of hardware and other elements of the attacks,” the company reported in a statement.

“We also published three companies’ full statements, as well as a statement from China’s Ministry of Foreign Affairs. We stand by our story and are confident in our reporting and sources.”

So the question still remains, just who is lying or at the very least misinformed? The standoff continues.

Is self-service BI living up to the hype?
the explosion of data available to a business and self-service BI tools is transforming how everyone works - but is self-service living up to expectations?
What the people say - Gartner’s November Customers’ Choices
A roundup of the latest Gartner Peer Insight Customers’ Choices from Backup and Recovery to Business Intelligence and Analytics, and more.
BlackBerry buys out cybersecurity AI firm Cylance
“We are eager to leverage BlackBerry’s mobility and security strengths to adapt our advanced AI technology to deliver a single platform.”
WA council first to adopt new Datacom tech for local government
The early adopter Shire of Majinup’s initial priority is to use Datascape to help it engage more closely with its community.
Five secrets – Workday’s 2019 winning formulas
We thoroughly investigate why business software vendor Workday believes 2019 will be their best year yet.
Exclusive: Strengths and limitations of the AWS/Cisco partnership
Iguazio CEO Yaron Haviv discusses whether the partnership really is a 'match made in heaven' and what it means for the industry.
Google Cloud CEO stepping down to welcome ex-Oracle exec
Google Cloud has grown significantly under Greene's tenure, but has involved tens of billions of dollars and little gains on AWS and Azure.
Why UCaaS is the channel’s ‘opportunity of the century’
The popularity of UCaaS has grown very fast, with larger organisations across major industries like financial services and healthcare embracing it.