Update: Spychip now allegedly found in U.S. telecommunications company, too
After the vehement denials from Amazon and Apple concerning having found a spy chip on their Supermicro server boards, Bloomberg reports another incident: According to the newsoutlet a major U.S. telecommunications company discovered manipulated hardware from Super Micro Computer Inc. in its network. It was finally removed in August.
Yossi Appleboum, the security expert who discovered the chip, provided documents, analyses as well as more evidence concerning his findings. As of now it is unclear which telecommunications company was targeted: Appleboum signed a nondisclosure agreement with the client and is therefore unable to identify the company.
Original aticle: China uses microchips to spy on Amazon, Apple, and the USA
Anyone who has had an eye on tech and how easy it seems for hackers to exploit security issues in order to get to user information should not be surprised that the same tech can also be used to spy. Not on individuals but on big businesses (and governments) – the like of Apple and Amazon. That’s apparently what the Chinese did to about 30 US companies, according to Bloomberg.
It’s all in the chip
30 companies – that sounds like and is a lot. One might wonder how such a thing could actually happen. The report by Bloomberg reads like a modern spy novel: Super Micro Computer Inc., one of the biggest server motherboard providers worldwide had been compromised. Tiny hardware microchips were inserted on their motherboards during the manufacturing process in China. The chip itself was not much bigger than a grain of rice and definitely not part of the original board design. Considering where Supermicro motherboards are used – the DoD, CIA, on Navy Warships, etc. – this was definitely a shock to a lot of people.
Investigation ongoing since 2015
According to the report, Amazon found out about the issue in 2015 when they hired a third-party company to look at security issues in AWS and their streaming services. The investigation has been ongoing ever since.
Considering that the chips are introduced into the motherboard during the manufacturing process, it is very likely that they were developed by a specialized computer hardware attack unit from the People’s Liberation Army. Once in place, they were able to siphon off data and let in new code – just like any good malware would.
Amazon and Apple deny the incident
Amazon, Apple, and Supermicro on the other hand deny to have had any issues with a compromised supply chain or evidence of malicious chips. While there might have been other security issues, they make it very clear that the Bloomberg report is not correct.
“The companies’ denials are countered by six current and former senior national security officials, who detailed the discovery of the chips and the government’s investigation”, responds Bloomberg.
No matter what: With China being the country where most of our hardware is produced, an incident like the above – be it fictional or real – is the stuff of nightmares for companies and governments.
This article is also available in: German