Bloomberg: China inserted chips in Amazon and Apple hardware to spy

A Bloomberg BusinessWeek report out today says the Chinese government implanted tiny microchips into the servers used by Apple and Amazon to spy on U.S. companies. The chips were allegedly inserted into the servers used by Apple and Amazon during the manufacturing process by a Chinese company called Super Micro, which assembled the servers.

Bloomberg, citing multiple sources, said the infiltration was first discovered in 2015 and confirmed by independent investigators before a full investigation was launched my multiple U.S. government agencies. In total, Bloomberg says, the hack allowed the Chinese government to spy on almost 30 American companies.

Amazon, Apple, and Super Micro have all issued statements disputing Bloomberg‘s reports. Apple said:

We are deeply disappointed that in their dealings with us, Bloomberg‘s reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple.

And Amazon:

It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental. It’s also untrue that AWS knew about servers containing malicious chips or modifications in data centers based in China, or that AWS worked with the FBI to investigate or provide data about malicious hardware.

We’ve re-reviewed our records relating to the Elemental acquisition for any issues related to SuperMicro, including re-examining a third-party security audit that we conducted in 2015 as part of our due diligence prior to the acquisition. We’ve found no evidence to support claims of malicious chips or hardware modifications.

China’s Ministry of Foreign Affairs also chimed in:

We hope parties make less gratuitous accusations and suspicions but conduct more constructive talk and collaboration so that we can work together in building a peaceful, safe, open, cooperative, and orderly cyberspace.

It has long been suspected that China does indeed carry out espionage by inserting spy tools into hardware made in the Chinese supply chain, but public evidence of such activities is scarce.