The Supermicro servers used by Apple, Amazon and others showed the Chinese “bugs”
Apple servers and Amazon Web Services (AWS), as well as a number of other companies were compromised with special chips that enable Chinese intelligence agencies to monitor them. On it informs edition Bloomberg, citing a number of sources who wished to remain anonymous.
It is reported that the above chips are being investigated by government authorities of the United States in 2015. These chips were used to steal intellectual property and trade secrets of American companies. These “bugs”
Tracer was introduced at the Board on the production of subcontractor Supermicro located in China. So maybe the company itself is not implicated in unauthorized modification of their systems. However, the scandal has been called “the most significant attack in the supply chain”.
“Decoy” chip allows you to get full control over the system in which it is installed. Moreover, it is much more difficult to identify and to block, in contrast to the software with the same purpose. So, Bloomberg presented if the facts are true, the servers of dozens of American companies and government organizations may be vulnerable to a serious hardware issue.
At the same time, Apple, AWS, and Supermicro itself while denying the facts given by the source. Supermicro tells about his innocence, and claims that they did not install the chip described in the production process of motherboards. However, the scandal led to a significant reduction in the stock of Supermicro. Their cost for the day has slipped by more than 60 %, but at the time of writing the news, the situation has stabilized, and the decline was slightly more than 40 %. Shares of Amazon and Apple fell by 1.5 and 1 %, respectively.
Apple commented on the situation to our colleagues from CNBC, noting that she was deeply disappointed that Bloomberg reporters had not even considered the possibility that their sources may provide false information, or they were simply misinformed. As Apple notes that journalists could confuse the obtained data with an earlier incident in 2016, when it was discovered the infected driver in one of the Supermicro servers that were used in the laboratory of Apple. This episode was regarded as an accident and not a targeted attack. According to Apple, no surveillance by the servers Supermicro is actually there.
Amazon Web Services also denies the facts stated in the Bloomberg article. It was noted that Amazon has never stated any facts connected with the surveillance equipment on motherboards Supermicro systems Amazon and Elemental.
Finally, the statement of the Ministry of foreign Affairs of China said: “China is a staunch defender of cyber security”. That is, the Chinese side also denies involvement in the scandal.