Apple Vehemently Denies Chinese Govt. Planted Secret Spy Chips

Text Size
- +

Toggle Dark Mode

Apple is strongly denying a new report claiming that the Chinese government covertly planted spy chips in hardware used by its data centers.

The report, published Thursday by Bloomberg Businessweek, alleges that the Chinese military began inserting small microchips onto server motherboards produced by a California-based firm called Super Micro about three years ago. The chips were reportedly installed onto hardware while it was being produced in China and Taiwan.

Bloomberg, citing anonymous government and corporate officials, reports that the chips were used to steal intellectual property, trade secrets and sensitive government information from Apple and Amazon Web Services servers, along with about 28 others entities — including a “major bank” and various government contractors.

Data from consumers was not reported to have been stolen in the hack, however.

The publication also says that the chips have been the focus of a secret U.S. government inquiry since at least 2015.

According to the story, Apple reportedly discovered the chips in the summer of 2015 and alerted the security incident to the FBI.

As a result, the company began pulling all Super Micro servers from its data centers. All in all, Bloomberg says Apple had around 7,000 Super Micro motherboards in its data centers when its security team allegedly discovered the spy chips.

The three companies have all strongly denied the allegations in the report. Amazon said it was unaware of any supply chain compromises, while Super Micro denied that it had any knowledge of such an investigation.

Apple, for its part, released an uncharacteristically long and strongly worded statement indicating that it had “repeatedly and consistently offered factual responses, on the record,” that deny Bloomberg’s report.

“On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” the Cupertino tech giant wrote in its statement.

Apple went on to say that it wants consumers to know that “what Bloomberg is reporting about Apple is inaccurate.”

The company, as you might expect, also said that all servers are inspected for security vulnerabilities before they end up in Apple data centers.

To be clear, Apple did acknowledge the existence of a security incident in which it discovered a compromised system on a single Super Micro server in one of their labs. The Cupertino tech juggernaut maintained that the event was accidental and not indicative of any targeted attack against Apple.

Last year, The Information reported that Apple had severed ties with Super Micro in 2016 after discovering a security vulnerability in “at least one” server. Presumably, that event and the incident described in Apple’s statement are the same — or closely related.

Devices or hardware produced in China have long been under intense scrutiny from U.S. government agencies and officials due to allegations of spying.

Social Sharing