Search
Close this search box.

Chinese spy chips are found in hardware used by Apple, Amazon, Bloomberg says

Share:

Is China Really Planting Chips to Spy on the the world?

Last week, Bloomberg published an article claiming that China has been implanting chips to infiltrate US companies. It alleged that the technology company Super Micro Computer Inc., was producing servers which had been compromised by spy chips that were hidden in the motherboards. These servers are being used by some of the globe’s biggest tech companies, posing grave dangers to our online world.

The article took the mainstream media by storm, after all, it was a story about China spying on us, something that’s sure to drive up the clicks. The report was certainly alarming as the 30 or so affected companies included Apple and Amazon. Despite the interest that this article has generated, there are a few key issues with Bloomberg’s reporting.

No Solid Evidence

Huge claims require large amounts of evidence to back them up. If this story is true, it’s terrifying and will have huge ramifications. However, not a single shred of solid evidence has emerged after more than a week.

The story claims to be based off interviews with 17 anonymous sources, including “past and former senior national security officials”. Yes, it’s important for journalists to protect their sources, but for security compromises this significant, you would expect at least someone to be willing to attach their name to it, at least in the wake of these events.

If these chips were as widespread as claimed, then surely someone would have found one by now. Perhaps a company whistleblower willing to break rank, or one of the many security researchers who do this for a living.

The lack of documentation is worrying, especially as it seems that even the Bloomberg reporters couldn’t get a hold of any photos. The huge graphic that accompanies the story is just some illustrated GIF that supposedly shows where the chip should be.

The lack of evidence has made many security experts sceptical of the claims, including Kim Zetter and Robert M. Lee.

The Follow Up Reports

Bloomberg has published several additional articles which seem to try to add weight to this initial bombshell. One of them “New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom”, alleges that a U.S. telecom company has found hardware that had been tampered with that originated from Super Micro Computer Inc..

The problem with the article? The expert that they quoted, Yossi Appleboum, claims that the issues that were discovered were actually in products from a range of vendors, not just Super Micro Computer Inc.. While the article does acknowledge this towards the end, it is much more heavy-handed towards Super Micro Computer Inc. than Mr Appleboum’s own comments imply.

The Denials

When something this big happens, we expect denials. Companies and governments never want to own up to their mistakes or oversight. Often we get a no comment, or a very non-committal response that has been finely combed-over by lawyers.

This time, it’s different. Both Apple and Amazon have released strong rebuttals denying the contents of the Bloomberg story. The denials are far more forceful than you would expect, with Apple stating: “In the end, our internal investigations contradict every consequential assertion made in the article – some of which, we note, were based on a single anonymous source.”

On top of this, both the U.S. Department of Homeland Security (DHS) and the U.K. National Cyber Security Centre (NCSC) both deny that they ever launched investigations into the Chinese spy chips, which is a pivotal claim of the article.

Sure, all of these organisations have reasons to lie if Bloomberg’s claims do turn out to be true, but if they are lying, these strongly worded responses are digging them into a much deeper whole which will surely result in litigation and heads rolling.

What’s Really Going On?

While this article severely criticises Bloomberg’s claims, it is not its intention to deny that some kind of hardware spying could be happening. Spying is happening every day, and undoubtedly compromised hardware is facilitating widespread eavesdropping. In the case of SuperMicro, there may be some truth to what the reporters are saying, but we simply need more facts. It’s important to remain sceptical until we receive concrete evidence of what is actually going on and why it is happening.

On a more positive note, the Bloomberg articles serve as a reminder of just how cautious we need to be about our overall security. At the moment, our supply chains for computer hardware are completely out of our control, which brings about a number of security risks.

Is the solution to ban all technology from China? Probably not. But we should definitely be taking the opportunity to discuss how we can secure our hardware, along with what checks and balances we need to have in place. If you’re worried that your business’s hardware could be compromised, contact the team at Gridware for an assessment.

Contact

Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235

Company

Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →

Services

Services

Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl
360

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution

Resources

Resources

A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →