Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Audits

Super Micro to Customers: Chinese Spy Chips Story Is Wrong

A Bloomberg article claiming that tiny chips were inserted in Super Micro Computer Inc. equipment “is wrong,” the California-based server manufacturer says.

A Bloomberg article claiming that tiny chips were inserted in Super Micro Computer Inc. equipment “is wrong,” the California-based server manufacturer says.

The article, which Bloomberg ran in early October, claimed that Chinese spies, likely state-sponsored, were able to infiltrate production processes and include chips the size of a grain of rice on equipment used by tech giants such as Amazon and Apple.

The chips, the story claimed, would create a stealthy, hardware-based doorway into computer equipment. Attackers could then reportedly leverage these chips to compromise systems in an effort to spy on more than 30 organizations in the United States.

Super Micro has refuted the claims right from the start, saying that it never found any such malicious chips in its equipment, nor has it been informed by a customer on the discovery of such chips.

The U.S. Department of Homeland Security (DHS) and the U.K. National Cyber Security Centre (NCSC) have denied any investigations supposedly launched as a result of the discovery of spy chips.

Amazon said it never found evidence of malicious hardware in Super Micro equipment, while Apple told the U.S. Congress the Bloomberg story was “simply wrong.”

In a letter sent to its customers and also forwarded to the U.S. Securities and Exchange Commission, Super Micro too calls the Bloomberg story wrong. The company also notes that it doesn’t know of or has seen any malicious hardware chips implanted during the manufacturing of their motherboards.

“We trust you appreciate the difficulty of proving that something did not happen, even though the reporters have produced no affected motherboard or any such malicious hardware chip. As we have said firmly, no one has shown us a motherboard containing any unauthorized hardware chip, we are not aware of any such unauthorized chip, and no government agency has alerted us to the existence of any unauthorized chip,” the letter reads.

The company also reveals that, despite the lack of proof, it has decided to undertake “a complicated and time-consuming review to further address the article.” Furthermore, Super Micro notes, it is testing every board, both visually and functionally, throughout the entire manufacturing process.

The letter is meant to reassure customers of the complex testing process it employs for its products, which includes “several automated optical inspections, visual inspections, and other functional inspections.” These tests, the company says, are meant to also check the integrity and composition of designs, so as to discover any discrepancies.

“Our motherboard designs are extremely complex. This complexity makes it practically impossible to insert a functional, unauthorized component onto a motherboard without it being caught by any one, or all, of the checks in our manufacturing and assembly process. The complex design of the underlying layers of the board also makes it highly unlikely that an unauthorized hardware component, or an altered board, would function properly,” the company points out.

“Our motherboard technology involves multiple layers of circuitry. It would be virtually impossible for a third party, during the manufacturing process, to install and power a hardware device that could communicate effectively with our Baseboard Management Controller because such a third party would lack complete knowledge (known as “pin-to-pin knowledge”) of the design,” Super Micro also notes.

Others too have investigated Bloomberg’s claims and note that the manner in which the article says the spy chips would be activated is technically implausible.

In an interview with BuzzFeed News, Apple CEO Tim Cook denied the allegations, and even said that Bloomberg should retract their story. Andy Jassy of Amazon Web Services (AWS) too says Bloomberg should retract.

Andy Jassy of AWS says Bloomberg should retract Chinese spy chips story

Immediately after the original article was published, the stocks of Chinese companies Lenovo Group and ZTE Corporation took a hit. Super Micro’s stock dropped more than 40% and only recovered slightly.

Related: Apple Tells Congress Chinese Spy Chip Story Is False

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.