Story image

Supermicro to test for spy chips, Apple & AWS call for retraction

23 Oct 2018

Following the bombshell allegations released earlier this month, Supermicro has announced it will be conducting a review to prove its innocence.

The allegations in question came from Bloomberg in a comprehensive report that claimed Chinese spies had been infecting Supermicro motherboards destined for some of the world’s biggest companies with malicious chips that were feeding information back to China.

These firms included the likes of Apple and Amazon, both of which immediately jumped on Supermicro’s side of the fence and rubbished the claims.

Apple in particular has been vehemently opposed to the findings within the Bloomberg report. Last week the tech giant sent a public letter to US Congress signed off by Apple Information Security vice president George Stathakopoulos detailing the Bloomberg claims and why they’re nonsense.

“Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. We never alerted the FBI to any security concerns like those described in the article, nor has the FBI ever contacted us about such an investigation,” says Stathakopoulos.

And then in an interview with Buzzfeed News, Tim Cook demanded that the article should be taken down – the first time Apple has ever publically requested a news article to be withdrawn.

“There is no truth in their story about Apple,” Cook says. "They need to do the right thing and retract it."

AWS CEO Andy Jassy later posted a tweet throwing the company’s weight behind Cook and Apple – “Tim Cook is right. Bloomberg story is wrong about Amazon, too. They offered no proof, story kept changing, and showed no interest in our answers unless we could validate their theories. Reporters got played or took liberties. Bloomberg should retract.”

And now despite dismissing the allegations as false, in a letter to customers from Supermicro CEO Charles Liang the company has pledged to conduct a review to prove that its motherboards aren’t infected.

“We are confident that a recent article, alleging a malicious hardware chip was implanted during the manufacturing process of our motherboards, is wrong,” says Liang.

“Despite the lack of any proof that a malicious hardware chip exists, we are undertaking a complicated and time-consuming review to further address the article.”

One of the key points in Liang’s letter was that Bloomberg reporters have failed to produce any kind of hard evidence like a compromised motherboard or a malicious chip to prove their allegations.

Supermicro carries out manufacturing operations via subcontractors in China – where Bloomberg says the motherboards have been infected – and Liang says the company studiously checks every layer of each motherboard as well as its functionality throughout the whole process.

“Specifically our process requires the inspection of the layout and components of every product at the beginning and end of each stage of manufacturing and assembly. Our employees are on site with our assembly contractors throughout the process. These inspections include several automated optical inspections, visual inspections, and other functional inspections,” says Liang.

“We also periodically employ spot checks and x-ray scans of our motherboards along with regular auditors of our contract manufacturers. Our test processes at every step are not only designed to check functionality, but also to check for the integrity and composition of our designs and to alert us to any discrepancies in the base design.”

Liang also asserted the motherboard designs are very complex, making it “practically impossible for anyone to insert a functional, unauthorised component into a motherboard without it being caught by any one, or all, of the checks in our manufacturing and assembly process.”

However, Bloomberg is still standing steadfastly by its report and refuses to back down.

“Bloomberg Businessweek’s investigation is the result of more than a year of reporting, during which we conducted more than 100 interviews. Seventeen individual sources, including government officials and insiders at the companies, confirmed the manipulation of hardware and other elements of the attacks,” the company reported in a statement.

“We also published three companies’ full statements, as well as a statement from China’s Ministry of Foreign Affairs. We stand by our story and are confident in our reporting and sources.”

So the question still remains, just who is lying or at the very least misinformed? The standoff continues.

Protecting data centres from fire – your options
Chubb's Pierre Thorne discusses the countless potential implications of a data centre outage, and how to avoid them.
Opinion: How SD-WAN changes the game for 5G networks
5G/SD-WAN mobile edge computing and network slicing will enable and drive innovative NFV services, according to Kelly Ahuja, CEO, Versa Networks
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
AMD delivers data center grunt for Google's new game streaming platform
'By combining our gaming DNA and data center technology leadership with a long-standing commitment to open platforms, AMD provides unique technologies and expertise to enable world-class cloud gaming experiences."
Inspur announces AI edge computing server with NVIDIA GPUs
“The dynamic nature and rapid expansion of AI workloads require an adaptive and optimised set of hardware, software and services for developers to utilise as they build their own solutions."
365 Data Centers secures additional funding for expansion
The company asserts the financing commitments come as it looks to invest in further substantial internal and external growth.
HPE launches 'right mix' hybrid cloud assessment tool
HPE has launched an ‘industry-first assessment software’ to help businesses work out the right mix of hybrid cloud for their needs.
ADLINK and Charles announce multi-access pole-mounted edge AI solution
The new solution is a compact low profile pole or wall mountable unit based on an integration of ADLINK’s latest AI Edge Server MECS-7210 and Charles’ SC102 Micro Edge Enclosure.