Silicon Valley tech giants Apple and Amazon have denied Bloomberg's report which claimed that Chinese hackers implanted tiny microchips on servers that made their way into data centers at both companies, among others.
According to Bloomberg, coordinated attacks by Chinese spies infiltrated almost 30 U.S. companies by compromising America’s technology supply chain, based on extensive interviews with 17 unidentified government and corporate sources.
"The most valuable company Apple was affected as it was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers," said Bloomberg.
In a quick response, Apple stated, "The October 8, 2018 issue of Bloomberg Businessweek incorrectly reports that Apple found “malicious chips” in servers on its network in 2015. As Apple has repeatedly explained to Bloomberg reporters and editors over the past 12 months, there is no truth to these claims".
Apple says that it has conducted rigorous internal investigations based on Bloomberg's inquiries over the course of the past year and each time it has found absolutely no evidence to support any of them.
“It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental,” said Amazon in its own statement.
Bloomberg's investigation concluded that, "In 2015, Amazon.com began quietly evaluating a startup called Elemental Technologies; to help with due diligence, Amazon hired a third-party company to scrutinize Elemental’s security, The first pass uncovered troubling issues, prompting the company to take a closer look at Elemental’s main product: the expensive servers that customers installed in their networks to handle the video compression, these servers were assembled for Elemental by Super Micro Computer."
As per the published report, "In late spring of 2015, Elemental’s staff boxed up several servers and sent them to a third-party security company to test, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design.
Apple indicated that as a matter of practice, servers are inspected for security vulnerabilities and the company updates all firmware and software with the latest protections. "We did not uncover any unusual vulnerabilities in the servers we purchased from Super Micro when we updated the firmware and software according to our standard procedures," the company says.
However, Bloomberg responded that the companies’ denials are countered by six current and former senior national security officials, while 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks.