[ad_1]
Last week, Bloomberg published a fascinating article on a hardware-related piracy offer that allowed a Chinese manufacturer to insert material changes not exceeding a grain of rice on SuperMicro motherboards, compromising thus their safety and allowing the machines to call their home secure. This type of piracy on the supply side has been predicted by security researchers for years. Bloomberg's detailed report has been released to 17 different sources, including many senior government officials and officials in companies such as Apple and Amazon, as well as a source in the Chinese government.
Since the publication of the report, two events have occurred. First, companies like Apple and Amazon categorically denied and rejected the report, denouncing their innocence and declaring that the products described in the Bloomberg report did not occur at all. The company continued to double its attacks on Bloomberg's history, going so far as to testify in a letter to Congress that the Bloomberg report is a fabrication.
The full letter from Apple's Vice President of InfoSec to the United States House and Senate refutes the story of Bloomberg's Big Hack.
The denials do not become stronger than that.
(Still no news from the other 28 companies, Bloomberg's claims have been compromised.) pic.twitter.com/XGQAFe6rQJ
– Rene Ritchie (@renerichie) October 8, 2018
In a letter to Congress, Apple writes that she had contacted Bloomberg as of October 2017, but:
While we repeatedly asked them to share specific details about the so-called malicious fleas they seemed certain, they did not want or could not provide more than vague occasional accounts … In the end, our Internal investigations directly contradicted all subsequent claims made in the article – we note that some of them were created by a single anonymous source.
Apple has never found malicious chips, "hardware manipulations" or vulnerabilities intentionally introduced on a server. We have never warned the FBI of similar security issues to those described in the article, and the FBI has never contacted us about such an investigation.
These denials are increasingly radical, but Bloomberg does not back down. In response to Apple's letter, Bloomberg reissued its own response in these terms:
The Bloomberg Businessweek survey is the result of more than a year of reports during which we conducted more than 100 interviews. Seventeen individual sources, including government officials and corporate insiders, confirmed the handling of computer hardware and other elements of the attacks. … We are faithful to our history and trust our reports and our sources.
Illustration of Bloomberg's Chinese server, but we still do not know if the image was a true hardware model or not.
When Apple and Amazon announced their first denials, we were firmly on the side of Bloomberg. After all, it would be far from the first time that companies have issued denials and carefully worded statements about the nature of a problem, but only to break these denials with new information. But Apple has kept its guns on this and has continued to issue very clear statements denouncing any involvement in this case. At the same time, Bloomberg remained true to its own weapons, despite Homeland Security's remarks that confirmed Apple's versions of the events.
If Apple or other companies lie, they could be punished by shareholders and the SEC. At the same time, it is extremely unlikely that Bloomberg will put all of its reputation as a journalist at the service of a deliberate attempt to distort such critical issues. Declare that a company has been penetrated by spies of a foreign power is not a simple charge. This is probably why the survey lasted one year and any survey that would last a whole year would probably have several levels of monitoring and evaluation in play, precisely to avoid this kind of scenario.
Yet, five days later, the findings alleged by Bloomberg have not yet been confirmed by other media. The companies involved continue to demonstrate forcefully. Bloomberg is just as true to its history. The potential involvement of national security complicates matters because the federal government is perfectly capable of ordering a company to lie if it receives a message. Yet, companies that lie tend to err on the side by saying what they can say and precious little else. This is the safest way to avoid trouble. Could history and well-formulated denials still be part of a national security story that is supposed to sow sorrow ahead of what the United States actually knows or does not know about China's intelligence capabilities? Sure. At this point, it makes as much sense as any thing. But the fundamentals of this situation do not make much sense, one point is everything.
At this point, arguing that one side or the other is quite simplistic. We are at the point where the consequences of the lie begin to be felt. Bloomberg is redoubling lies that could hurt his reputation, while Apple would lie to Congress and the public on extremely important issues. It is possible that the people who publish these statements ignore the truth instead of lying, but that only raises more questions about who knows what really happened and who did not.
I have perhaps a little too quickly personally rejected the denial of Apple. At this point, I am really uncertain. But only one set of stories can be here. Either these events happened or they did not happen – and so far, there is no independent confirmation of the Bloomberg story. At the same time, the news of a material attack like this – a long-theorized attack vector – that do not have to arrive would be surprisingly irresponsible. Despite all that Apple is suggesting that Bloomberg has just been wrong, the stories that are being researched for a year should not be the kind of stories that it's is possible to "go wrong". hours for an article online. And the longer the feature film, the more glimpses of a story before it is released.
People like to say cynically that the media do everything they do for clicks, but it is pointless to throw a story of this magnitude on a hoax. The damage to personal and business reputation and potential future advertising revenue exceed the potential gains of a few days of increased traffic. And, since federal sources have been involved in the information, it is not clear what national security concerns might also be at stake, making the issue even more obscure.
It is not clear who is lying, who is telling the truth and who could be mistaken. But we are not yet at the bottom of this story.
Now read: Amazon, Apple servers completely compromised by Chinese backdoors, is hyper-threading a fundamental risk for security ?, and Apple deploys anti-password defense with a major flaw
[ad_2]
Source link
