Apple, Amazon deny investigative report about Chinese spy microchip

By @chelean on
Apple WWDC 2017
The audience assembles before the start of Apple's annual developer conference in San Jose, California, U.S. June 5, 2017. Reuters/Stephen Lam

Apple Inc and Amazon.com were forced to deny that they were among the victims of an extreme Chinese espionage operation on Thursday. The two heavyweight corporations were responding to a report that claimed Chinese spies had placed “malicious chips” inside the equipment of some of the biggest companies and government agencies in the US.

In its report, Bloomberg claimed that Apple and Amazon were among the subjects of an ongoing spying operation by the People’s Liberation Army of China. It cited 17 unidentified intelligence and company sources who said that the equipment used by about 30 companies and government agencies had been implanted with malicious microchips “not much bigger than a grain of rice.” These microchips were soldered into common servers produced by server motherboards supplier Super Micro Computer Inc, creating backdoors into the victim companies.

Apple has published a denial of the Bloomberg report, saying it has conducted rigorous internal investigations based on the publication’s inquiries every time Bloomberg had approached the iPhone-maker about its report. Each time Apple investigated, it had found no evidence to support the claims.

The publication added that Apple’s Siri and Topsy servers and Amazon’s AWS servers were affected by the chips.

“On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement,” Apple said in a statement.

“In response to Bloomberg’s latest version of the narrative, we present the following facts: Siri and Topsy never shared servers; Siri has never been deployed on servers sold to us by Super Micro; and Topsy data was limited to approximately 2,000 Super Micro servers, not 7,000. None of those servers have ever been found to hold malicious chips.”

FILE PHOTO - Tim Cook, CEO, speaks about Amazon during Apple's annual world wide developer conference (WWDC) in San Jose, California, U.S. June 5, 2017. FILE PHOTO - Tim Cook, CEO, speaks about Amazon during Apple's annual world wide developer conference (WWDC) in San Jose, California, U.S. June 5, 2017.  Reuters/Stephen Lam/File Photo

For Amazon’s chief information security officer Steve Schmidt, Bloomberg’s article had “so many inaccuracies” that “they’re hard to count.” It has named a few apparently inaccurate points, refuting each one, including Bloomberg claiming that Amazon had discovered malicious chips in a Beijing data centre when it conducted a network-wide audit of SuperMicro motherboards.

“As we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is untrue. At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government,” the statement reads.

It continued, “Security will always be our top priority. AWS is trusted by many of the world’s most risk-sensitive organisations precisely because we have demonstrated this unwavering commitment to putting their security above all else. We are constantly vigilant about potential threats to our customers, and we take swift and decisive action to address them whenever they are identified.”

Bloomberg said the companies’ denials were refuted by six and former senior national security officials.

Its investigation was the result of more than a year of reporting and more than 100 interviews conducted, the publication told Gizmodo. “We stand by our story and are confident in our reporting and sources.”

Join the Discussion