Apple denies report claiming Chinese spies planted chips on iCloud servers



[ad_1]

Bloomberg Businessweek reports today that about three years ago, the Chinese army began inserting microchips on Supermicro server motherboards during their manufacture in China, thus offering the Chinese government a door stealthy entry to any network using falsified material.



The report quotes a manager who said investigators had discovered that the attack had finally affected nearly 30 companies, including Apple and Amazon, as well as a large bank and government contractors in the United States .

The microchip was placed on the motherboards so that it could inject its own code or change the order of instructions that the CPU had to follow, according to the report. A government official said China's goal was "long-term access to high-value business secrets and sensitive government networks."

According to the report, no consumer data was stolen, but the scale of the attack does not seem clear.

Apple is a longtime customer of Supermicro, which plans to order more than 30,000 server motherboards by two years ago for its global network of data centers powering services such as the App Store and Siri .

The documents consulted by Businessweek indicate that in 2014, Apple planned to order more than 6,000 Supermicro servers to be installed on 17 sites, including Amsterdam, Chicago, Hong Kong, Los Angeles, New York, San Jose, Singapore and Tokyo. . its existing data centers in North Carolina and Oregon. These orders were expected to double to 20,000 by 2015.

According to the report, Apple had about 7,000 motherboards in its data centers when its security team fell on the chips.

Apple would have discovered the suspicious chips on the motherboards around May 2015, after detecting abnormal network activity and firmware issues. According to sources cited by two Apple insiders, the company reportedly reported the incident to the FBI, while retaining details of what it had detected.

Insiders quoted in the report said that in the summer of 2015, a few weeks after Apple identified malicious chips, the company had begun to remove all Supermicro servers from its data centers. Each of the approximately 7,000 Supermicro servers has been replaced in the space of a few weeks, according to one of the insiders.

In a very firm statement, Apple has denied Bloomberg BusinessweekReport of:

Over the past year, Bloomberg has contacted us several times to point to claims, sometimes vague and sometimes complex, about an alleged security incident at Apple. Each time, we conducted rigorous internal investigations based on their investigations and each time, we found absolutely no evidence supporting them. We have regularly and regularly offered factual answers, refuting virtually every aspect of Apple's Bloomberg story.

We can be very clear about this: Apple has never found malicious chips, "hardware manipulations" or vulnerabilities created intentionally on a server. Apple has never had any contact with the FBI or any other agency about such an incident. We are not aware of any FBI investigations, nor are our contacts in the field of law enforcement.

In response to the latest version of Bloomberg's story, we present the following facts: Siri and Topsy have never shared servers; Siri has never been deployed on servers sold by Super Micro; and Topsy data was limited to about 2,000 Super Micro servers, not 7,000. None of these servers ever managed to contain malicious chips.

Typically, before the servers go into production at Apple, they are inspected for security vulnerabilities and we update all firmware and software with the latest protection. We did not discover any unusual vulnerabilities in the servers we purchased from Super Micro when we updated the firmware and software in accordance with our standard procedures.

We are deeply disappointed that, in their dealings with us, Bloomberg reporters have not been open to the possibility that their sources or sources are false or misinformed. Our best guess is that they confuse their story with a previously reported incident in 2016, in which we discovered an infected driver on a single Super Micro server in one of our labs. This one-off event was deemed accidental and not a targeted attack on Apple.

Although no one has claimed that customer data was involved, we take these allegations seriously and want users to know that we are doing everything we can to protect the personal information they have entrusted to us. We also want them to know that what Bloomberg reports about Apple is inaccurate.

Apple has always been transparent about how we treat and protect data. Should an event such as Bloomberg News ever occur, we would be open about it and we would work closely with the forces of order. Apple engineers perform regular and rigorous security checks to ensure the security of our systems. We know that security is an endless race and that is why we are constantly strengthening our systems against increasingly sophisticated hackers and cybercriminals who want to steal our data.

Amazon also denied this information, while Supermicro said it was unaware of such an investigation. Chinese officials have not addressed the report directly, saying that "security of the supply chain in cyberspace is a matter of common interest and that China is also a victim."

However, in addition to Apple's three insiders, the report says that four of the six US officials have confirmed that Apple is a victim.

Apple acknowledged an incident in 2016 in which it had discovered an infected driver on a single Supermicro server in one of its labs. Apple said this one-time event was determined to be an accidental, untargeted attack.

At the beginning of last year, L & # 39; information reported that Apple had severed its links with Supermicro in 2016 after discovering a security breach in at least one of its servers, which seems to be the incident to which Apple refers in its statement. Apple has since moved on to other server vendors, including ZT Systems and Inspur.

Note: Due to the political nature of the discussion on this topic, the thread is in our forum Politics, Religion and Social Issues. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

[ad_2]
Source link