Apple and Amazon deny report they were hit by one of the most damaging hacks ever

If China managed such an attack it would be like building a doorway into the US tech industry

Andrew Griffin
Thursday 04 October 2018 14:11 BST
Comments
Phil Schiller, senior vice president of worldwide marketing at Apple Inc., speaks at an Apple event at the Steve Jobs Theater at Apple Park on September 12, 2018 in Cupertino, California
Phil Schiller, senior vice president of worldwide marketing at Apple Inc., speaks at an Apple event at the Steve Jobs Theater at Apple Park on September 12, 2018 in Cupertino, California (Justin Sullivan/Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A new report claims that China managed to spy on large swathes of the world by smuggling tiny computer chips into electronic hardware used to power iPhones and many other products.

If true, the allegations from Bloomberg News represent the probably the biggest and most destructive hacks ever to have happened. They would allow the Chinese government to have access to devices not by exploiting loopholes but from the very beginning, letting them listen in on people's communications over the internet with ease.

But the companies involved have already strenuously denied the reports, and claimed no such attack has actually happened.

The report claimed that Chinese operatives from the People's Liberation Army had infiltrated a manufacturer of motherboards for servers, Supermicro, and placed tiny chips onto them. Those motherboards had gone on to be used around the world, including in the US, allowing the chips to be easily smuggled into the country.

It claimed that companies including Apple and Amazon had used the hardware to power their popular web services. That would mean that the small Chinese chip would be able to monitor the communications of hundreds of millions of normal people around the world.

The same hardware that powered those cloud services is also used in some of the most important and sensitive parts of US military hardware, including servers for the Department of Defense, which is just one of hundreds of different uses of the affected server motherboards.

State actors including the US and China spend huge amounts of resources on looking for software holes in important computing equipment, and they are regularly found and exploited. But a hardware vulnerability of this kind would be on a scale never before seen – much more difficult to establish, but far more destructive because it could not be fixed up or easily discovered.

China is in a particularly powerful position to carry out such an attack because it continues to make some 90 per cent of the world's computers and 75 per cent of its mobile phones. The Trump administration has continually told companies like Apple that its equipment should be made in the US instead, and Bloomberg quoted a former official as saying the alleged hack was the result of a "Satan's bargain" that the company had made by manufacturing its products in China.

But the companies at the heart of the allegations have not only denied them but say they have been rigorously investigated and no such breach was found.

"We are deeply disappointed that in their dealings with us, Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed," an Apple spokesperson said. "Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple."

It also released a detailed statement that attacked many of the claims made in the article.

"Apple has never found malicious chips, 'hardware manipulations' or vulnerabilities purposely planted in any server," a spokesperson wrote. "Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement."

Amazon said that it had investigated the same reports and that it had not found the problems alleged in the Bloomberg article.

"As we shared with Bloomberg BusinessWeek multiple times over the last couple months, at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems," an Amazon Web Services spokesperson said.

Supermicro, the company accused of manufacturing the hardware, said that it is "not aware of any investigation regarding this topic nor have we been contacted by any government agency in this regard". It said that it had not been dropped by any company for those reasons, an allegation made in the Bloomberg report.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in