The Bloomberg article about Supermicro Supply Chain Hardware Hack
Almost everyone is talking about the explosive Bloomberg Businessweek article alleging that Chinese agents had implanted surveillance chips in the motherboards of computer servers, which has caused quite a stir.
According to the report, it does not pass the smell test. As President Donald Trump would say, this is a piece of fake news.
Apple, Amazon, and the other parties involved issued vehement denials of the allegations. If these companies had any inkling that the article contained any truth, they would not have responded with such vehement denials. For starters, if the article contained any truth, each of these companies would be subject to significant liability for deceiving the public through their denials of the allegations.
No one has reported being able to identify a spy chip from any of the motherboards currently in production, which appears to be a bit strange. Notably, it would not have been difficult for any companies that used servers containing components from Supermicro, the company whose products were allegedly backdoored, to dispatch an engineer to locate the tiny snooping chip in one of their datacenters. A maliciously installed component would be easily detectable by engineers who work on circuit boards, as I am aware of such individuals.
The chip was even depicted in a photograph in the Bloomberg article. I am confident that the image was included solely to increase the impact of the storey.
While a lack of evidence is not sufficient to discredit the report, it will raise questions.
In an interview, Joe Fitzpatrick, a hardware hacking expert and one of the few named sources, stated that he believes the storey to be implausible.
Previously, the authors published inaccurate cybersecurity reports on a regular basis. Even Rob Joyce, a senior National Security Agency official, stated that he has not discovered “any ties to the claims that are made in this report.” (No one is perfect, but these previous crimes raise an eyebrow.) “I have a feeling that we are chasing shadows right now,” he continued.
The positive aspect of the article is that it has raised awareness of the importance of security in the supply chain management process. This issue has gained more attention recently. Manufacturers will almost certainly take a second look at vulnerabilities related to hardware security as a result of this alone.
