Bloomberg reported that China had inserted tiny chips into computer equipment manufactured for about 30 US companies, including Apple and Amazon, to steal its technology secrets, citing government and corporate sources. The report further said that the chips were used in equipment made for various US companies and government agencies.
According to Bloomberg, Amazon in its three-year secret investigation uncovered the malicious chips while examining servers manufactured by a start-up called Elemental technologies, which Amazon eventually acquired.
Bloomberg also reported that a unit of the Chinese People’s Liberation Army infiltrated the supply chain of computer hardware maker Super Micro Computer Inc to plant malicious chips that could be used to steal corporate and government secrets.
The investigation found that Elemental servers, which were assembled by Super Micro, were tainted with tiny microchips that were not part of their design, Bloomberg said. Amazon reported the matter to US authorities, who determined that the chips allowed attackers to create “a stealth doorway” into networks using those servers, the report said.
White House national security adviser John Bolton told Bloomberg that Chinese cyber attacks on the US validate Trump administration’s emphasis on offensive cyber operations of its own. He did not confirm whether the White House was aware of the cyber hack before Bloomberg report.
According to the report, Apple had earlier planned to order 30,000 Supermicro servers in two years. Bloomberg also reported that Apple in 2015 found malicious chips in servers it purchased from the hardware maker, citing three unidentified company insiders. In 2016, Apple severed ties with Supermicro owing to unrelated reasons, the report said.
Apple and Amazon both denied the report on Thursday, according to Reuters. In a detailed statement on its website Apple wrote, The October 8, 2018 issue of Bloomberg Businessweek incorrectly reports that Apple found “malicious chips” in servers on its network in 2015. As Apple has repeatedly explained to Bloomberg reporters and editors over the past 12 months, there is no truth to these claims.
Apple provided Bloomberg Businessweek with the following statement before their story was published:
“Over the course of the past year, Bloomberg has contacted us multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident at Apple. Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them. We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg’s story relating to Apple.”