cl-au logo
Story image

Is Supermicro innocent? 3rd party test finds no malicious hardware

13 Dec 2018

Earlier this year one of the larger scandals within IT circles took place with Bloomberg firing shots at Supermicro.

The media company claimed Supermicro had sold motherboards containing malicious chips to around 30 US customers – of which included the likes of Apple and Amazon – which would give Chinese spies the ability to create backdoor access to all the private networks the mother systems were involved with.

Supermicro rubbished these claims but it wasn’t enough to help its share price which according to Reuters fell by 50 percent (although it has since risen). The company promised to conduct an internal investigation to prove its innocence, and now in a letter sent to customers worldwide, it has the results.

“Recent reports in the media wrongly alleged that bad actors had inserted a malicious chip or other hardware on our products during our manufacturing process,” the letter states, signed by Supermicro president & CEO Charles Liang, SVP & chief compliance officer David Weigand, and SVP and chief product officer Raju Penumatcha.

“Because the security and integrity of our products is our highest priority, we undertook a thorough investigation with the assistance of a leading, third-party investigations firm.”

According to Supermicro, a representative sample of motherboards was tested, including the specific type of motherboard detailed in the article as well as motherboards that were sold to the referenced companies and more recently manufactured hardware.

“Today, we want to share with you the results of this testing: After thorough examination and a range of functional tests, the investigations firm found absolutely no evidence of malicious hardware on our motherboards,” the letter states.

“These findings were no surprise to us. As we have stated repeatedly, our process is designed to protect the integrity and reliability of our products.”

After listing all the procedures the company takes to ensure something like this can’t happen, Supermicro fires further shots back at Bloomberg.

“As we have stated repeatedly since these allegations were reported, no government agency has ever informed us that it has found malicious hardware on our products; no customer has ever informed us that it found malicious hardware on our products; and we have never seen any evidence of malicious hardware on our products,” the letter states.

“Today’s announcement should lay to rest the unwarranted accusations made about Supermicro’s motherboards.”

Of course, this report from Bloomberg ruffled a lot of feathers. Aside from Supermicro’s reaction, Apple sent a public letter to US Congress signed off by Apple Information Security vice president George Stathakopoulos, who effectively rubbished the claims.

“Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. We never alerted the FBI to any security concerns like those described in the article, nor has the FBI ever contacted us about such an investigation,” says Stathakopoulos.

Following this, Apple CEO Tim Cook attended an interview with Buzzfeed News where he demanded the article be retracted – the first time Apple has ever publically requested an article to be withdrawn.

However despite the denials from Supermicro and the pressure from the tech superpowers, Bloomberg remained steadfast.

“Bloomberg Businessweek's investigation is the result of more than a year of reporting, during which we conducted more than 100 interviews,” a Bloomberg spokesperson said.

"Seventeen individual sources, including government officials and insiders at the companies, confirmed the manipulation of hardware and other elements of the attacks. We also published three companies’ full statements, as well as a statement from China’s Ministry of Foreign Affairs. We stand by our story and are confident in our reporting and sources.”

Bloomberg has yet to comment since the results of Supermicro’s internal investigation emerged.

Story image
Virtual Electronics develops VEnterface Project: a new way of collaboration between Australia and Singapore
With the development of the mobile app market, requirements for software products have become stricter. Currently, only applications that have been brought to perfect condition, including professional design and a high level of usability, are in demand. More
Story image
Ricoh debuts new range of A4 colour multi-function devices for the digital workplace
"Digital workplaces deploying the new Ricoh devices can scale their capabilities based on their latest needs, while also keeping security features and software completely up to date."More
Story image
Interview: RSA explains security in the epoch of IT disruption
We discussed cybersecurity in terms of how it fits into business continuity, as well as the threat landscape, and what RSA is currently doing to assist businesses that need protection.More
Story image
Synnex signs on Chrome OS transformation vendor
Neverware’s CloudReady allows schools and other organisations to covert old PCs and Macs to cloud-managed Chrome OS devices. More
Story image
TMG nabs Flexera APAC partner of the year award for second year running
"With skilled experts across multiple Flexera capabilities and a solid framework, they continue to show a strong dedication toward ensuring success for our mutual customers."More
Story image
Aussies keen to go remote, but businesses may not be prepared
A recent survey has shown that most Australian workers are finding remote work a boon, but businesses need to stay on top of tech to make it work.More