Story image

Supermicro to test for spy chips, Apple & AWS call for retraction

23 Oct 18

Following the bombshell allegations released earlier this month, Supermicro has announced it will be conducting a review to prove its innocence.

The allegations in question came from Bloomberg in a comprehensive report that claimed Chinese spies had been infecting Supermicro motherboards destined for some of the world’s biggest companies with malicious chips that were feeding information back to China.

These firms included the likes of Apple and Amazon, both of which immediately jumped on Supermicro’s side of the fence and rubbished the claims.

Apple in particular has been vehemently opposed to the findings within the Bloomberg report. Last week the tech giant sent a public letter to US Congress signed off by Apple Information Security vice president George Stathakopoulos detailing the Bloomberg claims and why they’re nonsense.

“Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. We never alerted the FBI to any security concerns like those described in the article, nor has the FBI ever contacted us about such an investigation,” says Stathakopoulos.

And then in an interview with Buzzfeed News, Tim Cook demanded that the article should be taken down – the first time Apple has ever publically requested a news article to be withdrawn.

“There is no truth in their story about Apple,” Cook says. "They need to do the right thing and retract it."

AWS CEO Andy Jassy later posted a tweet throwing the company’s weight behind Cook and Apple – “Tim Cook is right. Bloomberg story is wrong about Amazon, too. They offered no proof, story kept changing, and showed no interest in our answers unless we could validate their theories. Reporters got played or took liberties. Bloomberg should retract.”

And now despite dismissing the allegations as false, in a letter to customers from Supermicro CEO Charles Liang the company has pledged to conduct a review to prove that its motherboards aren’t infected.

“We are confident that a recent article, alleging a malicious hardware chip was implanted during the manufacturing process of our motherboards, is wrong,” says Liang.

“Despite the lack of any proof that a malicious hardware chip exists, we are undertaking a complicated and time-consuming review to further address the article.”

One of the key points in Liang’s letter was that Bloomberg reporters have failed to produce any kind of hard evidence like a compromised motherboard or a malicious chip to prove their allegations.

Supermicro carries out manufacturing operations via subcontractors in China – where Bloomberg says the motherboards have been infected – and Liang says the company studiously checks every layer of each motherboard as well as its functionality throughout the whole process.

“Specifically our process requires the inspection of the layout and components of every product at the beginning and end of each stage of manufacturing and assembly. Our employees are on site with our assembly contractors throughout the process. These inspections include several automated optical inspections, visual inspections, and other functional inspections,” says Liang.

“We also periodically employ spot checks and x-ray scans of our motherboards along with regular auditors of our contract manufacturers. Our test processes at every step are not only designed to check functionality, but also to check for the integrity and composition of our designs and to alert us to any discrepancies in the base design.”

Liang also asserted the motherboard designs are very complex, making it “practically impossible for anyone to insert a functional, unauthorised component into a motherboard without it being caught by any one, or all, of the checks in our manufacturing and assembly process.”

However, Bloomberg is still standing steadfastly by its report and refuses to back down.

“Bloomberg Businessweek’s investigation is the result of more than a year of reporting, during which we conducted more than 100 interviews. Seventeen individual sources, including government officials and insiders at the companies, confirmed the manipulation of hardware and other elements of the attacks,” the company reported in a statement.

“We also published three companies’ full statements, as well as a statement from China’s Ministry of Foreign Affairs. We stand by our story and are confident in our reporting and sources.”

So the question still remains, just who is lying or at the very least misinformed? The standoff continues.

AWS tops all four global markets, APAC a unique case
The order of proceedings remains relatively the same in three of the four major regions for public cloud services providers, but the APAC market is bolstered by the prominence of China.
What Brexit? Equinix invests £90m in new London data centre
The company is confident Brexit will have no impact on the data centre market in London, with its total investment in the London metro area exceeding £930m.
Datacentres Ireland gets the ball rolling in Dublin
Ireland’s largest dedicated gathering of suppliers for data centres today opened in Dublin and is set to span two days.
Huawei obtains world’s first PUE test certificate for modular data center product
Huawei is supposedly committed to providing users with green, efficient and reliable data center energy solutions.
Five secrets – Workday’s 2019 winning formulas
We thoroughly investigate why business software vendor Workday believes 2019 will be their best year yet.
Exclusive: Strengths and limitations of the AWS/Cisco partnership
Iguazio CEO Yaron Haviv discusses whether the partnership really is a 'match made in heaven' and what it means for the industry.
Google Cloud CEO stepping down to welcome ex-Oracle exec
Google Cloud has grown significantly under Greene's tenure, but has involved tens of billions of dollars and little gains on AWS and Azure.
Mobile Infrastructure market sees fastest growth since 2014
The report from Dell’Oro shows that while the vendor rankings for the top three vendors remained unchanged with Huawei, Ericsson, and Nokia leading.