What just happened? Apple and Amazon Web Services have rushed to deny a report that they were two of around 30 companies spied on by the Chinese government using tiny chips inserted onto server hardware.
The Bloomberg report claims that the rice-sized chips were hidden on server motherboards produced by San Jose-based firm Super Micro. Groups affiliated with Chinese government reportedly infiltrated the company’s supply chain, attaching the chips, which were disguised as signal conditioning couplers, to motherboards that ended up in US servers.
The chips were reportedly designed to steal IP and trade secrets from American companies. Bloomberg claims Amazon discovered them ahead of its 2015 acquisition of Elemental Systems and reported the chips to the FBI before removing them all within a one-month period. The find led to an investigation that is still ongoing.
One unnamed US official said the chips could modify the server’s operating systems, letting spies control the computers remotely and access the information held on them. In addition to large US companies, the motherboards also were used by Defense Department data centers and CIA drone operations.
Apple, AWS, Super Micro, and China’s Ministry for foreign affairs have all vehemently denied the report. “Bloomberg's reporters have not been open to the possibility that they or their sources might be wrong or misinformed,” said Apple, who ended its relationship with Super Micro in 2016. “Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple."
Bloomberg says its report is a result of information from 17 people, including six current and former senior national security officials, two from Amazon Web Services, and three Apple insiders.