China reportedly carried out a 'hardware hack' on Apple and Amazon (updated)
All sides are refuting the allegations.
Data center hardware used by Apple and Amazon may have been fitted with surveillance micro-chips by Chinese server company Super Micro, claims Bloomberg in a new report. Almost 30 US companies reportedly fell prey to the "attack," with the chips used to snatch intellectual property and trade secrets, according to Bloomberg's anonymous government and corporate sources. The report notes that no "consumer data is known to have been stolen."
Apple has flat-out denied the allegations, claiming that it did not find the chips, while Amazon said it had "found no evidence to support claims of malicious chips or hardware modifications." As for Super Micro, it denied that it introduced the chips during the manufacturing phase. And China's foreign ministry has said that the country "is a resolute defender of cybersecurity."
That just leaves Bloomberg, which claims the issue was first discovered by Apple in May, 2015 and quietly reported to the FBI. Later, Amazon independently found the chip and also informed US authorities. Apple reportedly severed ties with Super Micro in 2016. A follow-up investigation was then conducted, which reportedly remains open to this day. Apple and Amazon, however, both deny working with the FBI on a top-secret probe. The report lays the blame for the so-called "hardware hack" squarely at the feet of China's regime.
Apple -- which tends to refrain from issuing direct responses to specific reports -- has taken the unorthodox step of categorically denying Bloomberg's revelations. "Over the course of the past year, Bloomberg has contacted us multiple times with claims ...of an alleged security incident at Apple," the company said in an emailed statement to Bloomberg. "We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg's story relating to Apple.
"On this we can be very clear: Apple has never found malicious chips, "hardware manipulations" or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement."
This isn't the first time a Chinese company has come under fire for surveillance in the US. Earlier this year, Donald Trump signed an act banning government personnel from using Huawei and ZTE devices, following years of concerns over the companies' ties to China's government.
Update 10/7: The Department of Homeland Security has issued a statement backing Amazon and Apple, saying it has "no reason to doubt" their versions of the story at the moment. You can read the full statement below.
"The Department of Homeland Security is aware of the media reports of a technology supply chain compromise. Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story. Information and communications technology supply chain security is core to DHS's cybersecurity mission and we are committed to the security and integrity of the technology on which Americans and others around the world increasingly rely. Just this month – National Cybersecurity Awareness Month – we launched several government-industry initiatives to develop near- and long-term solutions to manage risk posed by the complex challenges of increasingly global supply chains. These initiatives will build on existing partnerships with a wide range of technology companies to strengthen our nation's collective cybersecurity and risk management efforts."
