Apple strongly disputes Bloomberg BusinessWeek report that Chinese ‘spy’ chips were found in iCloud servers

“Data center equipment run by Amazon Web Services (AWS) and Apple may have been subject to surveillance from the Chinese government via a tiny microchip inserted during the equipment manufacturing process, according to a Bloomberg Businessweek report on Thursday,” Kate Fazzini reports for CNBC. “The claims in the report have been strongly disputed by the technology giants.”

“The chips, which have been the subject of a top secret U.S. government investigation starting in 2015, according to the report, were used for gathering intellectual property and trade secrets from U.S. companies, and may have been introduced by a Chinese server company called Super Micro that assembled machines used in the centers,” Fazzini reports. “Apple, AWS and Super Micro have disputed the report, with Apple saying it did not find the chips as asserted by Businessweek — which cites several anonymous government and corporate sources.”

“Apple has issued strong denials of the report, stating: ‘We are deeply disappointed that in their dealings with us, Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple,’” Fazzini reports. “AWS has also denied the report according to a statement published by Bloomberg, saying: ‘We’ve found no evidence to support claims of malicious chips or hardware modifications.’”


MacDailyNews Take: Apple is not happy with Bloomberg Businessweek, that much is sure.

26 Comments

  1. Chinese theft and dishonesty is undisputed. All the more reason to bring manufacturing back to the U.S., where there are enforceable laws against IP theft. China, being communist, has government ownership of all goods and services. They’re like the Borg, except that resistance is vital. Made in the USA should be the new mantra (or more properly “made anywhere but China.”)

    1. That option has been rationalized away as too expensive by the same people who for years supported the party ‘looking out for the little guy’.

      Now they claim it will make their toys too expensive ‘for the little, underemployed guy’.

      1. Yup. To kill an invasion of ants, simply get them to eat borax, but they don’t like borax. Solution? Mix it with something sweet. They gobble it up, take it home, and die. Cheap products are sweet, and we gobble ‘em up. And then data flows back to servers in China from drones (not disputed, it’s explicitly in their software), and potentially all sorts of electronics. In today’s world data is power.

    2. Just to be clear, assembling Apple products in the U.S. will not fully address this risk. Components are sourced from many countries – China, South Korea, and Japan are home to the manufacturers of many critical components.

      I am not saying that it cannot be done – but it would take a broad, concerted, and long term effort to repatriate all of the segments of the electronics supply chain. The first step, which is just to revitalize the domestic assembly of high-value products like computers and cell phones, is difficult by itself. The subsequent steps of manufacturing cutting edge processors and displays and such will be even more difficult. Not impossible, but costly and difficult.

      Far too many people think that they are clever by simply stating what needs to be done and expecting everyone else to make it happen without any effort or discomfort on their part. Good luck with that fantasy. In order to repatriate the entire electronics manufacturing chain, there will be a substantial cost to consumers in the U.S.

      1. But the parts about Apple seemed rather weakly-sourced. It was the part about Amazon and AWS that was most fleshed out. Here are the Apple bits:

        “One official says investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world’s most valuable company, Apple Inc. Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers. Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards. Apple severed ties with Supermicro the following year, for what it described as unrelated reasons.”

        “Apple made its discovery of suspicious chips inside Supermicro servers around May 2015, after detecting odd network activity and firmware problems, according to a person familiar with the timeline. Two of the senior Apple insiders say the company reported the incident to the FBI”

        “Apple, for its part, has used Supermicro hardware in its data centers sporadically for years”

        “Documents seen by Businessweek show that in 2014, Apple planned to order more than 6,000 Supermicro servers for installation in 17 locations”

        “As for Apple, one of the three senior insiders says that in the summer of 2015, a few weeks after it identified the malicious chips, the company started removing all Supermicro servers from its data centers, a process Apple referred to internally as “going to zero.” Every Supermicro server, all 7,000 or so, was replaced in a matter of weeks, the senior insider says.”

  2. “tiny microchip inserted during the equipment manufacturing process, according to a Bloomberg Businessweek report on Thursday,”

    The RedChiComs are scuzzes, no doubt about that. But a “tiny microchip” (really really tiny!) would need to be precisely soldered into the circuitry. This type of sabotage would be noticed, unless the assembly lines are at a PLA facility.

    1. The servers were not manufactured by Apple or Amazon. So needless to say, Apple doesn’t have a very good handle on how the devices were manufactured or what tampering could have occurred.

      Apple stated, “In response to Bloomberg’s latest version of the narrative, we present the following facts: Siri and Topsy never shared servers; Siri has never been deployed on servers sold to us by Super Micro; and Topsy data was limited to approximately 2,000 Super Micro servers, not 7,000. None of those servers has ever been found to hold malicious chips.”

      NOTICE THE PASSIVE VOICE. None of those servers “has ever been found” because Apple didn’t bother to look. You might as well ask Goldman Sachs financial dorks if they checked their Dell laptops for spy chips. Of course they didn’t. They wouldn’t have a clue where to start. So now Apple executives, who are primarily fashion marketers and outsourcing specialists, not product guys that really care about how their products are built, or by whom, have been exposed and they need to start an investigation. Classic strategy: deny and bide for time. Apple execs will eventually look into the problem that was identified 3 YEARS AGO, but job #1 is to first protect stock price and executive bonuses. It takes very little wordsmithing of strong-sounding statements to lead people to believe there is no issue whatsoever.

      Whatever bonus little chip is PICTURED ON THE BLOOMBERG ARTICLE, Apple needs to explain. If they don’t know what it does, it’s because Apple hasn’t been doing its due diligence to ensure its Chinese-outsourced hardware hasn’t been tampered with. It is very telling that Apple did not address the physical bonus chip that Bloomberg reported.

      It really is a shame that Apple is more interested in stock price than the complete truth. One would think they have enough money to make their own secure servers. Precisely why can’t Apple run its own company on secure hardware it manufactures? Lack of leadership. Apple, just like any other US corporation, is just outsourcing to the max with little regard for long term implications.

  3. Unless the server was built in China, and the “chip” was included in the design, and installed into potentially every server built for an order or who knows?

    Bloomberg is more than likely full of it. Which is no surprise, most reporters probably are technically clueless, that may include just about everything else they report on with rare exceptions. One of these days they might actually “report” something they’ve actually observed. Not “informed” by people with yet another agenda.

        1. Well, I apologize then for thinking what C.C. might mean.

          However, I seriously don’t think you can read the whole Bloomberg article and think that a reporter could make all this up without having a number of great information sources.

          There are too many distinct items cited to believe that the whole article is made up.

  4. What the article convinced me of is that you can NEVER trust the Chinese, ever.

    The Chinese government wants to rule the whole world & will go to whatever lengths (or sub-micron paths) hidden in between circuit board layers necessary to steal your data.

    The article is simply astonishing in its revelations.

    Cheap supply chain pricing is the Trojan Horse!

  5. I heard directly from someone in the government who is in a position to know that most of the PCs our US government buys are delivered with root kits installed on them. These are often undetectable and difficult if not impossible to remove.

    1. Then don’t buy them, the 1980’s and 1990’s had many American companies, Sun, Digital, SGI, that made stuff (OS and hardware) here but no one cared for anything other than the rock bottom price.

      1. I suspect that today Apple does its own inspection of vendor parts including X-Ray (or similar) inspection starting with the circuit boards to make sure the PC boards have nothing “extra” inserted in the PCBs.

        Apple’s Cook is continuing to tell the world that privacy is increasingly essential in the connected world & I applaud that commitment Apple has made to improve privacy.

  6. Of course Amazon and Apple are going to whitewash the situation until they figure out what is going on. I seriously doubt Cook knows anything. He’s never expressed any interest in getting the details right before now.

    ALL US corporations that outsourced their manufacturing and, worse, data server production, to China have been ASKING for security breaches. IP theft is what China does. It’s in their DNA. Wake the fuck up, Cook.

  7. If the Chinese government and its labs could create a chip that small, and could pack that much capability into it, every chip maker in the world should be scared shitless. The Chinese government wouldn’t need to steal any IP. It’s every other chip maker that would like to steal the Chinese IP involved in this chip.

    I would like to see a real chip designer explain how a chip that small could even package the pins needed to have full access to the memory as implied by the article.
