China is accused of implanting hardware in sensitive servers during the manufacturing process — a feat security experts consider to be next to impossible
Apple and Amazon have denied that their systems were compromised in an alleged scheme by Chinese spy agencies that involved compromising the supply chain of a US server manufacturer.
Super Micro Computer, also known as Supermicro, also denied the claims in a report by Bloomberg.
The report alleges that a unit of China’s People’s Liberation Army gained access to the internal systems of dozens of companies and US government agencies by planting chips in servers made by Super Micro during the manufacturing process at plants in China.
Super Micro was founded in 1993 in the US by Taiwanese immigrants, and carries out manufacturing operations via subcontractors in China.
It is one of the world’s biggest providers of server motherboards, with hundreds of high-profile customers.
The allegations are based on a top-secret US government probe that began in 2015 and is still open, Bloomberg reported, citing a number of unnamed company and government sources.
The malicious chips allegedly affected nearly 30 companies, including Apple, a major bank and government contractors, Bloomberg said.
The affected servers were found to be present in Department of Defence data centres, on board warships and handling data from CIA drones, the report said.
It said the government inquiry began after Amazon examined servers made by Super Micro for a video processing software start-up called Elemental Technologies. Amazon later acquired Elemental, which is now a unit of its Amazon Web Services cloud infrastructure arm.
Bloomberg said the probe led to companies ending their relationships with Super Micro, and that Apple ended its relationship with the server maker after it, like Amazon, found suspicious chips in its hardware.
Amazon and Apple both said Bloomberg’s report was devoid of substance.
Amazon said it had “found no evidence to support claims of malicious chips or hardware modifications”.
Apple said Bloomberg had contacted the company “multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident.
“Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them.
“We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg’s story relating to Apple.”
Super Micro said it was “not aware” of a government investigation or of customers ceasing to use its products because of Chinese hacking fears.
China’s Ministry of Foreign Affairs said the report was a “gratuitous accusation”, and said the safety of supply chain was an “issue of common concern” of which China was “also a victim”.
Bloomberg itself cited a security expert as saying that implanting malicious hardware at the supply chain level and ensuring it reached the desired customers would be “like witnessing a unicorn jumping over a rainbow”, but said that was exactly what government investigators had found.
The allegations arrive amidst a burgeoning trade war between the US and China that is accompanied by increasingly heated rhetoric from both countries.
The US has long accused China of carrying out espionage activities via its dominance of the production of high-tech products such as PCs and smartphones. Bloomberg cited estimates that China assembles 75 percent of the world’s mobile phones and 90 percent of its PCs.
Due to such concerns the US government has taken an increasingly hostile line against Chinese hardware manufacturers including Huawei and ZTE, two of the world’s biggest makers of telecommunications networking equipment.