Tech Companies have ardently denied Bloomberg’s declaration that China’s Super Micro gave them hardware loaded with spy chips, but that isn’t stopping all sorts of accusations from pouring in.
Bloomberg claims it has obtained documents from security researcher Yossi Appleboum that reportedly show evidence of an unnamed major US telecom finding “modified hardware” from Super Micro in its network. According to Appleboum, there were “several remarkable exchange of communications” from a server that led the telecom to find an implant hidden in the server’s Ethernet jack. The researcher determined that the server had been modified at a factory in Guangzhou after conducting an inspection.
Other tech companies were also victimized by China modifying hardware for surveillance, the security researcher said. If any company is affected, though, it might not be easy to get an answer.
These tech giants have all denied being affected, with AT&T and Sprint explicitly stating that they don’t use Super Micro hardware. Cable provider CenturyLink has denied being the subject of the story, and Engadget has learned that Comcast also isn’t involved. We’ve asked Charter for comment and will let you know if it responds.
Bloomberg has continued to stand by its reporting and sources. However, the story might not go much further than this. On top of the adamant corporate denials, both the Department of Homeland Security and the UK’s National Security Centre have backed the companies by tentatively supporting their claims. Simply put, there don’t appear to be any parties who take the assertions seriously enough to launch an investigation.
A Bloomberg News personnel has given a written statement defending its latest breaking story and ultimately suggesting that Fitzpatrick mischaracterized his role. You can read the full statement below:
“As is typical journalistic practice, we reached out to many people who are subject matter experts to help us understand and describe technical aspects of the attack. The specific ways the implant worked were described, confirmed, and elaborated on by our primary sources who have direct knowledge of the compromised Supermicro hardware. Joe FitzPatrick was not one of these 17 individual primary sources that included company insiders and government officials, and his direct quote in the story describes a hypothetical example of how a hardware attack might play out, as the story makes clear. “
Meanwhile, Tech giants Apple and Amazon is refuting the Bloomberg report, saying it’s inaccurate.