Apple, Amazon Deny Report on Chinese Hardware Attack
Apple and Amazon denied a Bloomberg report on Thursday that their systems contained malicious computer chips inserted by Chinese intelligence.
Bloomberg cited 17 unnamed intelligence and company sources as saying that Chinese spies had placed computer chips inside equipment used by around 30 companies, as well as multiple U.S. government agencies, which would give Beijing secret access to internal networks.
The spy chips were supposed to be used to gather intellectual property and trade secrets from Apple and from Amazon Web Services, an Amazon subsidiary that provides cloud computing services. They were found in servers assembled by a Chinese company Super Micro, and could've been subject to a secret US government investigation that began in 2015.
Amazon said: "We've found no evidence to support claims of malicious chips or hardware modifications."
Apple said it had refuted "virtually every aspect" of the story. "Apple has never found malicious chips, 'hardware manipulations' or vulnerabilities purposely planted in any server," the company said.
"Siri and Topsy never shared servers; Siri has never been deployed on servers sold to us by Super Micro; and Topsy data was limited to approximately 2,000 Super Micro servers, not 7,000. None of those servers have ever been found to hold malicious chips," Apple added.
"We are deeply disappointed that in their dealings with us, Bloomberg's reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously-reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple," Apple said.
Bloomberg reported that the chips were planted by a unit of the Chinese People's Liberation Army, which infiltrated the supply chain of a Supermicro. The operation is thought to have been targeting valuable commercial secrets and government networks, the report said.
"At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems," an AWS spokesperson added in a statement.
Super Micro noted that it wasn't aware of "any investigation regarding this topic nor have we been contacted by any government agency in this regard."
The U.S. government on Wednesday warned that a hacking group widely known as cloudhopper, which Western cybersecurity firms have linked to the Chinese government, has launched attacks on technology service providers in a campaign to steal data from their clients.
The warning came after experts with two U.S. cybersecurity companies warned this week that Chinese hacking activity has surged amid the escalating trade war between Washington and Beijing.