Update, December 11, 2018 (01:12 PM ET): A third-party security team found no evidence of Chinese spy chips in Supermicro servers used by Apple, via Engadget. This seems to nullify claims made in a Bloomberg report (as discussed below) that Chinese spy chips put the security of Apple’s (and Amazon’s, among others) servers at risk.
Although the third-party audit seems to point to the Bloomberg exposé being at least partly false, it certainly still leaves room for the possibility that the third-party team simply didn’t find the spy chips. However, this new evidence seems to suggest that Bloomberg’s sources were incorrect.
Original Article, October 4, 2018 (11:02 AM ET): Early this morning, Bloomberg published an exposé regarding security matters at data centers belonging to both Amazon and Apple. The report alleges that data center hardware purchased from a Chinese company called Supermicro included Chinese spy chips that put the security of the networks at risk.
According to the Bloomberg report, Chinese spies could have used the chips to monitor the companies as information passed through its network. This could have included intellectual property information and trade secrets, among other things.
Not long after the report hit the internet, both Apple and Amazon vehemently denied the report’s findings.
Apple — which issued a strongly-worded statement — had this to say:
“We are deeply disappointed that in their dealings with us, Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Supermicro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple.”
Amazon Web Services also claimed the report is inaccurate, saying that the company “found no evidence to support claims of malicious chips or hardware modifications.”
If this report is true, why would Amazon and Apple deny it?
According to the report, Apple and Amazon used Supermicro products in their respective data centers until 2015 or 2016, when both companies abruptly upgraded and switched providers. However, a total of 17 individuals claiming to have deep internal knowledge of both Apple and Amazon claim that the reasoning behind the removal of Supermicro systems was due to the discovery of exceptionally tiny spy chips.
Amazon also offloaded its physical server business in China last year, the alleged reasoning for which is just coming out now as being due to cybersecurity risks.
If these spy chip allegations really did happen, why would Apple and Amazon deny it? One theory would be to save their respective stock prices from suddenly plummeting, and another would be that the United States government is advising them to deny the claims.
However, it is also completely possible that the Bloomberg report is wrong or at least not completely factually correct.
Regardless of the truth, this is yet another setback for China/U.S. relations. Chinese electronics companies like Huawei and ZTE already face major roadblocks from the U.S. government when it comes to getting their products into the hands of U.S. consumers. Even if this report is revealed to be incorrect, the damage might already be done.