Story image

Supermicro, Apple, & Amazon vs crippling scandal – who’s lying?

06 Oct 2018

How much damage a little report can do!

It’s unlikely that there was very much sleep going on at some of the data centre titans last night, as a new report has dug up a potentially gigantic scandal.

Bloomberg released its findings in an article that was published yesterday, claiming that Supermicro had sold motherboards containing malicious chips to almost 30 US customers, including Apple and Amazon. The article says the chips were planted by Chinese spies to enable backdoor access to all private networks the mother systems were involved with.

In the wake of this report Supermicro’s stocks have collapsed more than 40 percent, while Amazon and Apple each saw their stocks decline around two percent – despite all three aforementioned companies purporting the claims to be false.

Now then, to the report. Bloomberg News says the report is rock solid and based on more than a year of investigations and more than 100 interviews. On top of this, it is claimed to have inputs from multiple former and current Apple and Amazon employees, in addition to current and former US national security officials.

According to the report, Amazon first discovered the malicious chips three years ago in 2015 as a result of an overhaul following its acquisition of Elemental. The company then reported this to the relevant authorities which prompted an investigation by US intelligence agencies that is still ongoing today.

Similarly, Apple (already a big Supermicro customer) was on the verge of buying a further 30,000 servers from Supermicro in 2015 when it also discovered the chip.

Of course these are all allegations, but if true, they could blow the industry apart far beyond this trio of companies. For example, other big players like IBM and Intel are both known Supermicro customers.

In terms of how the motherboards became affected, Bloomberg claims Supermicro’s systems and components are manufactured in China with some of that work then subcontracted to other companies. The Chinese military then took advantage of these subcontractors to secretly plant the illicit chips.

Since the article painted headlines around the world, Supermicro has released a statement with input from both Apple and Amazon.

“In an article today, it is alleged that Supermicro motherboards sold to certain customers contained malicious chips on its motherboards in 2015. Supermicro has never found any malicious chips, nor been informed by any customer that such chips have been found,” the statement reads.

Amazon Web Services chief information security officer Steve Schmidt was also steadfast in his commentary.

"As we shared with Bloomberg BusinessWeek multiple times over the last couple months, at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in Supermicro motherboards in any Elemental or Amazon systems,” says Schmidt.

Similarly, a statement from Apple attempted to rubbish Bloomberg’s claims.

"We are deeply disappointed that in their dealings with us, Bloomberg's reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Supermicro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple."

To put it all in perspective, a recent IDC report states Supermicro to have shipped 175,000 servers in the second quarter of this year, making it the fifth largest vendor in terms of units shipped, shared with Huawei.

So the question remains, just who is lying? We will keep you updated as this case evolves.

Salesforce continues to stumble after critical outage
“To all of our Salesforce customers, please be aware that we are experiencing a major issue with our service and apologise for the impact it is having on you."
D-Link hooks up with Alexa and Assistant with new smart camera
The new camera is designed for outdoor use within a wireless smart home network.
Slack users urged to update to prevent security vulnerability
Businesses that use popular messaging platform Slack are being urged to update their Slack for Windows to version 3.4.0 immediately.
Secureworks Magic Quadrant Leader for Security Services
This is the 11th time Secureworks has been positioned as a Leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide.
Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."