Earlier today, Oct. 4, Bloomberg Businessweek published a lengthy story about apparent hacking that took place against some of the biggest companies in the United States at the hands of China, including Apple and Amazon. The iPhone maker has now gone on record to discount much of what the story said.
What Businessweek said
Businessweek claims that Chinese spies compromised America’s technology supply chain in recent years by infiltrating companies that supplied parts to Supermicro. The San Jose-based company is one of the world’s largest suppliers of server motherboards. It claims investigators have concluded the “intricate scheme” was the work of a People’s Liberation Army unit that specializes in hardware attacks.
According to the report, China was able to attach tiny microchips the size of a rice grain to many of these parts. From there, they made their way onto Supermicro’s server motherboards and eventually to companies like Apple. Once the servers were turned on, the microchips were designed to alter the machine’s operating system so that it could accept code modifications.
Businessweek claims that Apple, Amazon, and others told U.S. authorities about this when the microchips were discovered and subsequently removed the affected machines.
Further, Businessweek said it found no direct evidence that company or user data was stolen from any of those affected.
Apple says Businessweek is incorrect with its reporting and notes Bloomberg had contacted the company “multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident.” The company conducted “rigorous internal investigations based on their inquiries.” Each time, Apple “found absolutely no evidence to support any of them.” Additionally, “We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg’s story relating to Apple.”
It also noted, “As a matter of practice, before servers are put into production at Apple they are inspected for security vulnerabilities and we update all firmware and software with the latest protections. We did not uncover any unusual vulnerabilities in the servers we purchased from Super Micro when we updated the firmware and software according to our standard procedures.”
Further, it suggests Businessweek is confusing their story with a 2016 incident in which Apple had discovered an infected driver on a single Supermicro server in one of the company’s labs.
“That one-time event was determined to be accidental and not a targeted attack against Apple,” the iPhone maker explains.
Apple isn’t the only one questioning Businessweek’s reporting.
Amazon said it was unaware of any “supply chain compromise, an issue with malicious chips, or hardware modifications.”
Supermicro is equally frank, noting, “While we would cooperate with any government investigation, we are not aware of any investigation regarding this topic nor have we been contacted by any government agency in this regard. We are not aware of any customer dropping Supermicro as a supplier for this type of issue.”
Even the Chinese government has offered a statement with the communist country’s Ministry of Foreign Affairs stating:
China is a resolute defender of cybersecurity. It advocates for the international community to work together on tackling cybersecurity threats through dialogue on the basis of mutual respect, equality and mutual benefit.
I’m not about to question Apple, Businessweek, or anyone else on this issue. It could be that Businessweek is entirely wrong, Or, perhaps the story is correct, but because of security issues, Apple and the other companies involved cannot legally confirm the events did occur.
What do you think? Let us know below.