- Twitch-famous bounty hunter kicks down target’s door in wildly popular live stream 9 Months Ago
- New GOP bill would audit major tech companies for bias 9 Months Ago
- Instagram artist accused of faking her paintings says they’re ‘100%’ real 9 Months Ago
- Trump refuses to apologize for Central Park Five death penalty ads 9 Months Ago
- While Rubio smiles at Trump’s campaign rally, the internet drags him Today 11:04 AM
- Dr Disrespect is still banned from Twitch. When will he be back? Today 10:36 AM
- ‘Avengers: Endgame’ is returning to theaters with new material Today 10:18 AM
- House fails to pass amendment curbing government surveillance Today 10:12 AM
- What happened when Ed Krassenstein crashed the Chapo Trap House subreddit Today 9:21 AM
- Andrew Yang comes out as pro-Bird Scooters Today 8:59 AM
- Netflix claims Adam Sandler’s ‘Murder Mystery’ broke viewing records Today 8:09 AM
- How to watch ‘Yellowstone’ online for free Today 8:00 AM
- How online allies joined a trans artist’s street art war Today 7:30 AM
- These edited videos show the dark side of your favorite cartoons Today 7:00 AM
- Coca-Cola now exists in ‘Star Wars’ canon Today 6:44 AM
Bloomberg: China secretly installed chip on motherboards used by 30 U.S. companies
ANDRANIK HAKOBYAN/Shutterstock (Licensed)
A tiny chip may have infiltrated products sold by 30 companies, and used by the U.S. government.
A potentially damning report published by Bloomberg Thursday morning claims that more than 30 U.S. companies including Amazon and Apple may have had their products compromised by a Chinese chip. The culprit, according to internal corporate and government sources, is Silicon Valley company Super Micro, a major supplier of computer motherboards. Multiple parties including Amazon, Apple, and Super Micro deny the allegations.
According to the report, during the supply chain process, San Jose-based Super Micro secretly embedded a tiny microchip, roughly the size of a grain of rice, on motherboards used in a huge variety of products used by both the U.S. military, American companies, and financial institutions. Amazon initially discovered the chip as it evaluated a startup called Elemental for acquisition. A third-party Canadian company analyzed Elemental’s server products and discovered the tiny microchip.
Amazon then reported the finding to authorities, kicking off a multi-year investigation.
“During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines,” Bloomberg writes. “Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.”
The goal of this subterfuge, according to a government official, was to gain access to valuable corporate secrets and government networks. These chips could subtly alter how a device functioned and could open backdoors through which other hackers could eventually make attacks. Consumer data was not a primary target, and there’s no evidence that consumer data was breached.
FBI traced the chips’ source to four Super Micro sub-contractors overseas, where middlemen posing as company representatives requested changes to motherboards, unbeknownst to actual Super Micro officials. Super Micro is the leader in the $1 billion motherboard space, with more than 900 customers in 2015.
Apple denies the allegations; it says that the company has “never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server.”
“We are deeply disappointed that in their dealings with us, Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed,” Apple told CNBC. “Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple.”
Amazon also refutes the report. “We’ve found no evidence to support claims of malicious chips or hardware modifications,” Amazon says. In a statement in Amazon’s report, it said, “It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental.”
Super Micro denies the report, and the Chinese foreign ministry told CNBC that “China is a resolute defender of cybersecurity.”
However, Bloomberg says six senior national security officials confirm the discovery of these chips and the ensuing probe. Including internal sources at Amazon, Apple, and other companies, the tally of individuals confirming Bloomberg’s findings comes to 17.
Read the full report here.
H/T Brian Krebs
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.