Bloomberg Businessweek published a bombshell article alleging that a malicious microchip smaller than a grain of rice was secretly embedded into server motherboards designed and sold by SuperMicro and installed by 30 U.S. companies, including Amazon Web Services and Apple. The article, which cites unnamed U.S. government officials and insiders at AWS and Apple, claims that Chinese government agents led the operation, which amounts to "the most serious" attack on the hardware supply chain of the IT industry. Bloomberg said the case dates back to 2014 - 2015 and concerns servers supplied by Elemental Technologies of Portland, Oregon, a supplier of specialized video caching servers based on SuperMicro servers. AWS
Apple, AWS and SuperMicro all issued statements strongly refuting the article.
Super Micro: "Supermicro has never found any malicious chips, nor been informed by any customer that such chips have been found... Supermicro has never been contacted by any government agencies either domestic or foreign regarding the alleged claims."
AWS, Steve Schmidt, Chief Information Security Officer: "As we shared with Bloomberg BusinessWeek multiple times over the last couple months, at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in Supermicro motherboards in any Elemental or Amazon systems."
Bloomberg said it was confident in its reporting and had multiple sources to verify the attack.
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
Thursday, October 4, 2018
Bloomberg: The Big Hack
Thursday, October 04, 2018