Published: Tue, October 09, 2018
Business | By Eloise Houston

China avoids questions about Apple, Amazon chip hack report

China avoids questions about Apple, Amazon chip hack report

(AAPL) and Amazon.com Inc.'s (AMZN) denials that their servers were compromised by Chinese spy chips. "Nothing was ever found".

According to Bloomberg's original report, microchips the size of a sharpened pencil tip (see image at the top of this article) were embedded on motherboards built by Taiwan-American firm Supermicro. According to Bloomberg, these servers wound up in the data centers of nearly 30 companies, including Apple and Amazon.

Apple's press release was equally strong.

Apple denies that any of its data centers were affected by Chinese spies. But Apple insists that the story was simply bogus. Apple's Vice President for Information Security Goerge Stathakopoulos in a letter to the Senate and House commerce committees said that Apple made repeated investigations but did not find any evidence whatsoever which support the claims made in the Bloomberg report. Tech literacy in the US, particularly within our government, is in a pretty sorry state; it's not hard to imagine someone "with knowledge of the situation" overhearing a conversation about a malfunctioning chip, which is how both Apple and Amazon explained the story away, and misunderstanding it to mean willful surveillance by whatever political interest might have supplied it. It already appears from the story that these companies may have done significant work to quietly settle the issue with the government directly.

This has led some people to wonder if something similar might be going on regarding Apple and Supermicro. "Apple never had any contact with the Federal Bureau of Investigation or any other agency about such an incident". In a follow-up email to Ars, Apple confirmed that this denial applies to other government agencies as well. "Apple has never found malicious chips, "hardware manipulations" or vulnerabilities purposely planted in any server".

In a statement released Saturday, the DHS said that it was "aware" of the report, but added: "Like our partners in the United Kingdom, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story".

While the Bloomberg report is short on technical details, many security experts say that whether or not this attack occurred, or occurred as alleged, it appears at least to have been technically feasible. Typically, in the wake of a big story like this, well-sourced reporters at major news organizations scramble to confirm it. "You should know that Bloomberg provided us with no evidence to substantiate their claims and our internal investigations concluded their claims were simply wrong".

"It is technically plausible", Jake Williams, a former member of the U.S. National Security Agency's hacking unit who now runs security consultancy Rendition Infosec in Augusta, Georgia, said in a Thursday web conference, the Register reports.

Like this: