Chinese spy chips are
found in hardware used by Apple, Amazon, Bloomberg says; Apple, AWS say no way
Kate Fazzini (CNBC.com)
Published 6:15 AM ET
Thu, 4 Oct 2018
Updated 7:36 PM ET Fri, 5 Oct 2018
The chip could have
enabled China to view the network of several companies, but Apple, AWS and
Super Micro deny the claims, according to a report by Bloomberg BusinessWeek.
Apple, AWS and Super
Micro dispute the report.
Amazon and Apple data
equipment hacked by China with super small chips, says Bloomberg
Data center equipment run by Amazon Web Services and Apple
may have been subject to surveillance from the Chinese government via a tiny
microchip inserted during the equipment manufacturing process, according to a
Bloomberg BusinessWeek report on Thursday. The claims in the report have been
strongly disputed by the technology giants.
The chips, which Bloomberg said have been the subject of a top secret U.S. government investigation starting in 2015,
were used for gathering intellectual property and trade secrets from American
companies and may have been introduced by Super Micro, a Silicon Valley company
that manufacturers parts for servers in China.
Apple, AWS and Super Micro dispute the report. Apple said it
did not find the chips as asserted by BusinessWeek — which cited anonymous
government and corporate sources. Super Micro reportedly denied that it
introduced the chips during the manufacturing.
Shares of Super Micro plummeted more than 40 percent
following the report. Trading of the small server company's common stock on the
Nasdaq was suspended on Aug. 23 after repeatedly missing SEC filing deadlines.
Super Micro shares now trade on over-the-counter markets.
Apple shares edged 1 percent lower in Thursday trading,
while Amazon fell about 1.5 percent.
Asked by CNBC for comment, Apple reiterated its strong
denials of the report, stating: "We are deeply disappointed that in their
dealings with us, Bloomberg's reporters have not been open to the possibility
that they or their sources might be wrong or misinformed. Our best guess is
that they are confusing their story with a previously reported 2016 incident in
which we discovered an infected driver on a single Super Micro server in one of
our labs. That one-time event was determined to be accidental and not a
targeted attack against Apple."
AWS has also denied the report, telling CNBC in a statement,
"As we shared with Bloomberg BusinessWeek multiple times over the last
couple months, at no time, past or present, have we ever found any issues
relating to modified hardware or malicious chips in SuperMicro
motherboards in any Elemental or Amazon systems."
A statement from the China foreign ministry said "China is a resolute defender of
cybersecurity."
According to Bloomberg, the problem was discovered in 2015
and confirmed by independent security investigators hired by the cloud
providers. Super Micro servers were removed by Apple that year, according to
the report, which also asserts ties with Super Micro were severed in 2016. A
follow-up investigation involving several government agencies was conducted, as
well. Apple and AWS deny these moves involving Super Micro were related to chip
worries. No consumer data was stolen as part of the alleged campaign, according
to the report.
China has long been suspected — but rarely directly
implicated — in en masse spy campaigns based on
hardware made there. The majority of electronic
components used in U.S. technology are manufactured in China. Companies
including component manufacturers Huawei and ZTE, as well as surveillance
camera maker Hikvision, have all fallen under intense suspicion and scrutiny
from the U.S. government in the past year.
Intellectual property theft is one of the core arguments for
tough trade restrictions on China by the Trump administration.