The two big tech giants Apple and Amazon have denied a Bloomberg Businessweek report on Thursday that claimed their systems had been infiltrated by tiny chips inserted by Chinese spies. Bloomberg cited 17 unidentified sources from intelligence agencies and business to support claims of a big 'supply chain attack' conducted by China that affected 30 companies and multiple US government agencies.
The report claimed small malicious chips were planted by a unit of the Chinese People's Liberation Army that allowed Beijing to gain access to the supply chain of a firm called Super Micro, known as the 'Microsoft of the hardware world.'
The tiny chips were disguised to look like other, legitimate components which made difficult for companies to detect without specialist equipment.
'On this, we can be very clear: Apple has never found malicious chips, "hardware manipulations" or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement," Apple said in a statement.
California-based Super Micro has denied selling servers to customers containing malicious microchips in the motherboards of those systems. It said 'it has never found any malicious chips and nor has it been informed that such chips were found by any customer and has never been contacted by government agencies on the matter.'
In response to Bloomberg’s latest version of the narrative, Apple presented the following facts: Siri and Topsy never shared servers; Siri has never been deployed on servers sold to us by Super Micro; and Topsy data was limited to approximately 2,000 Super Micro servers, not 7,000. None of those servers has ever been found to hold malicious chips.
Bloomberg further reported that Amazon found the malicious chips in 2015 when examining servers manufactured by a company known as Elemental Technologies, which Amazon acquired later. The investigation revealed that Elemental servers, which were assembled by Super Micro, contained tiny microchips that were not part of their design. Amazon reported the matter to US authorities, who determined that the chips allowed attackers to create 'a stealth doorway' into networks using those servers, the story said.
'As we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is untrue. At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government,' Amazon said in a blog post.