Earlier this month, Bloomberg reported allegations that Apple, Amazon, and 28 other US companies were potentially infiltrated by Chinese spy chips embedded into the hardware of their computer servers. The story, headlined, The Big Hack: How China Used a Tiny Chip to Infiltrate US Companies, revealed that the backdoor was created using a tiny chip, about the size of a grain of rice, compromising US’ technology supply chain.
The said computer servers were assembled by Super Micro, a San Jose-based company and one of the world’s biggest suppliers of server motherboards, chips and capacitors. The alleged spy chips, reportedly originating from China, were said to be nested on the servers’ motherboard, a detail not present in the original design.
Investigations reportedly suggest that these chips could potentially allow hackers to create a stealth backdoor to the network where the machines are included. According to reports, the chips were inserted at factories owned by manufacturing subcontractors in China.
Bloomberg highlighted that if confirmed, this attack could be worse than previous security breaches. Most of the attacks that we’re used to are software-based, while this one is hardware-based. Software attacks are more common than hardware hacks because it is easier to send a bug through remote connection than to tinker or hide spy chips in hardware pieces. Hardware attacks are more complicated and difficult to pull off, but the effects are more devastating and long-term.
Pro Tip: Scan your Mac for performance issues, junk files, harmful apps, and security threats
that can cause system issues or slow performance.
Special offer. About Outbyte, uninstall instructions, EULA, Privacy Policy.
If the allegations hold true, the implications could extend beyond corporate espionage, potentially affecting entities like the US Military and law enforcement, given the reported use of the same servers by the Department of Defense, the CIA’s drone operations, Navy warships, and others.
Industry Response
Bloomberg’s report suggests that, according to their sources, senior insiders from Apple discovered the chips in the summer of 2015 and reported their findings to the FBI, keeping the details confidential. A year after the chips were discovered, Apple broke up with Super Micro and removed all 7,000 Super Micro servers from its data centers.
However, Apple denied all these rumors in a statement released to the media, saying that Apple has no evidence of spy chips in their servers. According to Apple, Bloomberg reached out several times over the past year with claims of security incidents. Internal investigations were conducted based on the inquiries, but Apple “has found absolutely no evidence to support any of them.”
The statement emphasized that Apple did not find any China spy chips, hardware tampering, or vulnerabilities intentionally planted in their servers. The company has also denied contacting the FBI or any law enforcer about the incident.
Apple has expressed disappointment with Bloomberg’s report, suggesting that the media company might have confused the incident with a separate security problem from 2016 involving an infected driver on one Super Micro server in one of their labs.
Amazon also denied the reports, saying that there are so many inaccuracies in Bloomberg’s article. The statement released by Steve Schmidt, Chief Information Security Officer at Amazon Web Services (AWS), said that:
“We never found modified hardware or malicious chips in Elemental servers. Aside from that, we never found modified hardware or malicious chips in servers in any of our data centers.”
Elemental is the tech start-up Amazon was considering acquiring and where the malicious chips were discovered.
Apple’s Vice President of Information Security George Stathakopoulos disputed the number of sources Bloomberg claimed in its report, stating that the China spy chip allegations were made by a single source, not by corroborating 17 sources as claimed by Bloomberg.
Bloomberg, however, stands by the validity of its original report.
Impact on Consumers
Why should these claims concern us? The significance of these allegations lies in the potential impact on the security of consumer data if the companies involved were indeed compromised. For example, Apple users’ data might get compromised because of these malicious chips.
To ensure data protection, consider fully deleting trash files from your computer, as they could contain sensitive information. Tools like Outbyte macAries aim to assist with this. However, evaluate the app’s features to determine if it fits your security needs.
Amazon users are also at risk, especially the financial information of its users. Anti-virus and malware detection software is not enough to shield you from attacks like this. What you can do is use an encrypted VPN connection to hide your financial data from these attackers.
While the veracity of the Bloomberg article continues to be a topic of discussion, a crucial question that emerges is our preparedness to handle such sophisticated cyber attacks.