- Actor Amanda Seales pushes back on #FreeRodneyReed movement Monday 10:58 PM
- Netflix thriller ‘Earthquake Bird’ can’t solve its own mystery Monday 4:45 PM
- Goop is selling an expensive ‘restraining arts’ BDSM kit Monday 4:17 PM
- Body positivity actress Lili Reinhart calls out Photoshopping app Monday 3:42 PM
- ‘Rick and Morty’ zeroes in on connections and leans into familiar territory Monday 3:30 PM
- People are sharing photos of how much they’ve changed in a decade Monday 2:30 PM
- A few of our favorite things on Newegg are on sale for Black Friday Monday 2:15 PM
- Disney adds ‘Bob’s Burgers’ movie back to release schedule after accidentally yanking it Monday 2:02 PM
- Ocasio-Cortez launches petition demanding Stephen Miller’s resignation Monday 1:24 PM
- Prince Andrew’s defense against child sex crimes stokes conspiracy theory flames Monday 1:20 PM
- More people may be looking to cancel Disney+ than Netflix Monday 1:09 PM
- Monday Night Football: How to stream Chiefs vs. Chargers live Monday 1:00 PM
- After days of deadly protests, Iran implements ‘largest internet shutdown ever’ Monday 12:55 PM
- ‘Disney Plus and thrust’ is apparently the new Netflix and Chill Monday 12:32 PM
- Woman fired, sued after coworker shared their sexts Monday 12:22 PM
A potentially damning report published by Bloomberg Thursday morning claims that more than 30 U.S. companies including Amazon and Apple may have had their products compromised by a Chinese chip. The culprit, according to internal corporate and government sources, is Silicon Valley company Super Micro, a major supplier of computer motherboards. Multiple parties including Amazon, Apple, and Super Micro deny the allegations.
According to the report, during the supply chain process, San Jose-based Super Micro secretly embedded a tiny microchip, roughly the size of a grain of rice, on motherboards used in a huge variety of products used by both the U.S. military, American companies, and financial institutions. Amazon initially discovered the chip as it evaluated a startup called Elemental for acquisition. A third-party Canadian company analyzed Elemental’s server products and discovered the tiny microchip.
Amazon then reported the finding to authorities, kicking off a multi-year investigation.
“During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines,” Bloomberg writes. “Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.”
The goal of this subterfuge, according to a government official, was to gain access to valuable corporate secrets and government networks. These chips could subtly alter how a device functioned and could open backdoors through which other hackers could eventually make attacks. Consumer data was not a primary target, and there’s no evidence that consumer data was breached.
FBI traced the chips’ source to four Super Micro sub-contractors overseas, where middlemen posing as company representatives requested changes to motherboards, unbeknownst to actual Super Micro officials. Super Micro is the leader in the $1 billion motherboard space, with more than 900 customers in 2015.
Apple denies the allegations; it says that the company has “never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server.”
“We are deeply disappointed that in their dealings with us, Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed,” Apple told CNBC. “Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple.”
Amazon also refutes the report. “We’ve found no evidence to support claims of malicious chips or hardware modifications,” Amazon says. In a statement in Amazon’s report, it said, “It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental.”
Super Micro denies the report, and the Chinese foreign ministry told CNBC that “China is a resolute defender of cybersecurity.”
However, Bloomberg says six senior national security officials confirm the discovery of these chips and the ensuing probe. Including internal sources at Amazon, Apple, and other companies, the tally of individuals confirming Bloomberg’s findings comes to 17.
Read the full report here.
H/T Brian Krebs
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.