[ad_1]
Apple and Amazon vehemently deny the claim that their servers would have been compromised by Chinese spies as a result of an explosive report from Bloomberg Thursday. The report claims that spies have been able to infiltrate some of the country's largest technology companies by inserting microchips the size of a "grain of rice" into servers made in China, which are part of from the infrastructure of technology giants. The report says that the companies have discovered the chips on their own and have informed the US authorities, but Apple and Amazon refute the fact that any of the claims cited in the article is actually based.
The answers are very detailed, denying the Bloomberg point by point report. It's something these companies rarely, if ever, do. Most statements following the discovery of security breaches or public reprisals merely acknowledge the concerns and make vague promises in the name of consumer privacy.
After the violation of Celebgate iCloud, for example, which included leaked nude photos of celebrities, Apple reacted by scandalizing in a minor way and simply refuting any flaws in security. Amazon had a distinct, but equally detrimental, feat in 2014 when researchers discovered that, with the Heartbleed bug, Web sites hosted on Amazon Web Services (AWS) could leak sensitive information such as card numbers. credit. Amazon's response to the Heartbleed was simply: "AWS is aware of the HeartBleed bug (CVE-2014-0160) in OpenSSL and investigates any impact or correction needed. We will post back when we have more details. "
But in this case, Apple and Amazon deny everything. According to the companies, this infiltration never took place and they told Bloomberg only for a very long time.
Some highlights of the responses published by Amazon, Apple, and the Chinese server manufacturer Supermicro are listed below:
Amazon
It is not true that AWS had knowledge of a supply chain compromise, a problem with malicious chips or hardware changes during the acquisition of Elemental. It is also false that AWS knows the existence of servers containing malicious chips or changes in China-based data centers, or that AWS has been working with the FBI to investigate or provide data on malicious material.
We reviewed our records related to the acquisition of Elemental for any SuperMicro related issues, including the review of a third-party security audit we conducted in 2015 as part of our due diligence prior to 'acquisition. We have found no evidence to support malicious bullets statements or hardware changes.
Apple
During the past year, Bloomberg has contacted us several times to report alleged security incidents at Apple, sometimes vague and sometimes complex. Each time, we conducted rigorous internal investigations based on their investigations and each time, we found absolutely no evidence supporting them. We have regularly and regularly offered factual answers, refuting virtually every aspect of BloombergThe story of Apple.
. . .
We can be very clear about this: Apple has never found malicious chips, "hardware manipulations" or vulnerabilities created intentionally on a server. Apple has never had any contact with the FBI or any other agency about such an incident. We are not aware of any FBI investigations, nor are our contacts in the field of law enforcement.
Supermicro
Even though we cooperate with any government investigation, we are not aware of any investigation on this subject and no government agency has contacted us about it. To our knowledge, no customer has chosen Supermicro as a supplier for this type of problem.
. . .
In addition, Supermicro does not design or manufacture network chips or associated firmware, and we, along with other large storage and server companies, supply them to the same large network companies.
These affirmed statements lead national security experts to wonder who is telling the truth exactly. If the Bloomberg The story has been verified, Amazon and Apple would seem to lie and invalidate a potential risk to national security.
"There are only official denials in history and the lack of technical detail does not really support technical conclusions," said Andrea Barisani, head of hardware security at F-Secure, an antivirus company. cybersecurity. "It is certainly possible to carry out attacks against the supply chain that can affect the security of COTS equipment (Commercial Off The Shelf), although posing significant implementation difficulties."
I must say that all this is really weird. The history of Bloomberg is very detailed, citing documents and internal sources. But the denials of society are also detailed and emphatic. You do not often see it when a company is trying to hide something or be shy. https://t.co/qjA1TFKzZ3
– Kim Zetter (@KimZetter) October 4, 2018
No one in Congress has called for an investigation into these allegations, but Republicans and Democrats are wary of using Chinese material inside the country's borders.
Ultimately, allegations of this type that gave rise to explicit refusals such as these could warrant further investigation. A closer examination of this possible attack would not be the first time that members of Congress criticize the use of Chinese material in the United States. During the summer, senators decided to introduce an amendment to a draft law on imperative defense prohibiting the use of products by two other Chinese manufacturers (ZTE and Huawei) by government officials and contractors, for reasons of national security.
[ad_2]
Source link