Apple, government contractors were hacked using tiny Chinese chips, report says | Computing
Apple, Amazon, and government contractors were all hacked by China, according to a report from Bloomberg Business Week. Though no consumer data is thought to have been stolen, China allegedly leveraged tiny microchips as part of the hack, which targeted trade secrets and other intellectual property of American companies.
The chips used in the alleged attack were the size of a pencil head, and were reportedly added to Supermicro server motherboards purchased and used by Amazon Web Services and Apple. This moved past typical software-based hacks, as the chips had networking, memory, and processing power, and looked like signal-conditioning couplers.
“In Supermicro, China’s spies appear to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies,” the original report explains.
Apple is officially denying the report and any claims that it worked with the FBI on an investigation in 2015. In a statement, the company said it never found the chips and believes in being transparent.
“On this, we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement,” Apple said.
Amazon had a similar tone, saying it “found no evidence to support claims of malicious chips or hardware modifications.” The company also denies notifying authorities and notes that is “untrue that [Amazon] knew about a supply chain compromise, an issue with malicious chips, or hardware modifications.”
Supermicro also denies being involved, and says it was unaware of any government investigation. Supermicro, which is a small server component manufacturer in China, instead echoed claims about defending cybersecurity: “Supermicro doesn’t design or manufacture networking chips or the associated firmware and we, as well as other leading server/storage companies, procure them from the same leading networking companies.”
According to the report, the chips were apparently inserted at some point in the production chain by operatives from the People’s Liberation Army, better known as the armed forces of the People’s Republic of China. This could lead to companies shifting manufacturing out of China, doubling down on concerns over the Trump administration’s trade tariffs and their effect on the supply chain of computer and other electronic components.