
Apple and Amazon deny Bloomberg Chinese hacking story

by Mark Tyson on 5 October 2018, 10:01

Tags: Apple (NASDAQ:AAPL), Amazon (NASDAQ:AMZN), SuperMicro (NASDAQ:SMCI)

Quick Link: HEXUS.net/qadya2


Yesterday afternoon Bloomberg published an eye-opening report entitled 'The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies'. It detailed how Chinese spies got 'God Mode' access within almost 30 American tech companies including Apple and Amazon. In brief, the report explained how the Chinese PLA managed to install a tiny chip on a Supermicro motherboard component made in China, which would then be hidden in servers used in big American tech companies. The disguised or hidden spy chips were only noticed because Amazon employed a firm to undertake due diligence assessments on its AWS servers - the Chinese spy chip was, of course, not part of the component board's original designs.

Via the implanted spy chips, "not much bigger than a grain of rice", Chinese hackers could subvert the hardware they were installed in, siphoning off data and letting new code into the system like a Trojan Horse virus. We don't have any record of what data might have been compromised but Bloomberg says that both Apple and Amazon worked quietly to remove compromised servers from their networks after the misspecification had been noted.

Apple, Amazon, Supermicro deny spy chip story

Within hours of the Bloomberg report, official statements were released by all the big names involved in this story, including Apple, Amazon, Supermicro, and the Chinese Government. You can read the four respective statements on Bloomberg's own right-to-reply page here. If you go ahead and read the statements at that link, or via Apple's and Amazon's own press releases, you will see that they all say that Bloomberg's 'The Big Hack' story is untrue.

Apple asserts that it has "never found malicious chips, 'hardware manipulations' or vulnerabilities purposely planted in any server." Amazon says that in its due diligence records there is no evidence that AWS knew about servers containing malicious chips or modifications in data centres based in China. Neither did AWS work with the FBI to investigate or provide data about malicious hardware. Supermicro adds its voice with a similar statement, saying that it is "not aware of any investigation regarding this topic nor have we been contacted by any government agency in this regard". Lastly, the Chinese Ministry of Foreign Affairs said it works with the international community "on tackling cybersecurity threats through dialogue on the basis of mutual respect, equality and mutual benefit" and that supply chain safety is of great importance to China as it is also a victim.

Basically all named parties in Bloomberg's original story have come forward to refute it. Thus this story is in a state of flux and Bloomberg and/or its sources may have to come up with some more evidence of the original allegations. In the video below you will see that in the face of the denials Bloomberg is still "confident in the sourcing" of the original story. Perhaps there will be updates on this situation later today or over the weekend.



HEXUS Forums :: 19 Comments

It's spies galore. China spies on us, Russia is spying on us, the NSA is spying on us, MS is spying on us……!
I'd love to know what this chip was made of, bullpoomium? Yep, sounds like it…

*grumbles while walking out the door about miniaturization and how some people's fantasies just don't make reality and how ridiculously stupid the Bloomberg article was*

Edit: Yes, there was a sub-grain of rice computer and this technology is, relatively, potentially possible. But I would like to see genuine evidence brought forward by Bloomberg else this is a heavily salacious attack and ties in with Trump recently saying China is attacking their midterms. Something is fishy…
Tabbykatze
I'd love to know what this chip was made of, bullpoomium? Yep, sounds like it…

*grumbles while walking out the door about miniaturization and how some people's fantasies just don't make relative and how ridiculously stupid this article was*

MOAR AMMO in the trade war methinks - convenient how something discovered allegedly in 2015 only gets “leaked” in 2018:

https://www.theguardian.com/technology/2018/oct/04/china-planted-chips-on-apple-and-amazon-servers-report-claims

Oh well, the only way forward is for tech companies to move more production back to the US and Europe then, but then the money tree won't like that, right?? ;)
Real or not, it's an interesting concept. Given the level of out-sourced manufacturing, I'm sure it would be reasonably easy for an adjustment to be made even if the chip was relatively large and complex.

I can't imagine many organisations do an electrical component check on their boards compared to the (not readily available) manufacturer design specifications.
I know of a major network user that stopped using their network provider because of security concerns when they started to use Huawei network components in the WAN infrastructure.