China Infiltrated 30 US Companies Including Apple and Amazon with Hardware Hack

Ann Santiago
October 5, 2018

Some of the US companies that at one point used tampered servers include Apple and Amazon Web Services, or AWS, the report stated.

It said dozens of large United States firms and agencies were using the hardware - but Amazon first discovered the chips, the size of a grain of rice, during a security review it ordered after buying a software firm called Elemental three years ago.

Apple has denied that its iCloud server hardware was infiltrated by Chinese spy chips.

Apple and Amazon stock were both down over 1% at the time of publication.

Data center equipment run by Amazon Web Services and Apple may have been subject to surveillance from the Chinese government via a tiny microchip inserted during the equipment manufacturing process, according to a Bloomberg BusinessWeek report on Thursday. Upon the discovery, Amazon reportedly alerted US authorities, which sent "a shudder through the intelligence community", Bloomberg wrote.

Carrying out the attack involved "developing a deep understanding of a product's design, manipulating components at the factory, and ensuring that the doctored devices made it through the global logistics chain to the desired location", it said. "One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon", it says.

Apple denied the account, saying it had investigated the claims.

Apple said in a statement it "has never found malicious chips, "hardware manipulations" or vulnerabilities purposely planted in any server". "Additionally, we have not engaged in an investigation with the government".

"Apple is deeply disappointed that in their dealings with us, Bloomberg's reporters have not been open to the possibility that they or their sources might be wrong or misinformed", the company said in a statement to AppleInsider on Thursday.

In response to Bloomberg's latest version of the narrative, we present the following facts: Siri and Topsy never shared servers; Siri has never been deployed on servers sold to us by Super Micro; and Topsy data was limited to approximately 2,000 Super Micro servers, not 7,000.

The Chinese foreign ministry also denied the allegations and said the country is a "resolute defender of cybersecurity". However, citing "senior insiders" inside Apple, the report claims that once the company found these malicious chips on Supermicro motherboards, it severed all ties with it. The report also stated the issue is now under investigation. Almost all the critical parts of a server are made and assembled in China or Taiwan, and China's espionage operation has targeted the tech industry before, such as in 2010 when hackers believed to be working on behalf of the Chinese government infiltrated Google.

The company instead suggested that Bloomberg's sources may have been mistaking an incident in 2016 when an accidental vulnerability was found on a single Super Micro server inside the company.

Other reports by

Discuss This Article