[ad_1]
Bloomberg today released a report claiming that companies such as Amazon and Apple had found Chinese surveillance chips in the hardware of their servers contracted from Super Micro. Bloomberg claims that Apple found these chips on its server motherboards in 2015. Apple strongly refutes this report, sending out press releases to several publications, not just to Bloomberg.
In a statement to CNBC, Apple said: "We are deeply disappointed that, in their dealings with us, Bloomberg reporters have not been open to the possibility that they themselves or their sources are false or misinformed" .
Try the free 30-day trial version of Amazon Prime
Apple terminated its relationship with Supermicro in 2016. Apple told CNBC that it had found only one infected driver on a single Super Micro server in a lab. Apple said that it was a single event and not considered a targeted attack. This incident was reported last year by The Information.
Bloomberg's report states that Apple discovered the chips around May 2015 and informed the FBI discreetly. Later, Amazon discovered the chip independently and also reported it to US authorities. The Chinese government probably suspects that chips found in Super Micro hardware have been added to help spy on US companies and their users, essentially a "hardware piracy" of critical systems.
Bloomberg says that there is a top secret investigation going on, three years after the initial discovery. The same report includes rejection comments from Amazon and Apple.
Here's the full comment Apple gave to CNBC:
Apple has strongly denied the report saying, "We are deeply disappointed that Bloomberg journalists have not considered in their relationship with us the possibility that they themselves or their sources are wrong or misinformed. Our best guess is that they confuse their story with an incident previously reported in 2016 in which we discovered an infected driver on a single Super Micro server in one of our labs. This one-off event was deemed accidental and not a targeted attack on Apple. "
It's a very strange situation indeed. Apple is clearly upset. It is very rare that the company offers such a direct refutation to a specific report. Bloomberg has published the full comments of the companies involved in a separate article.
Here is Apple's detailed response to the Bloomberg report:
Over the past year, Bloomberg has contacted us several times to point to claims, sometimes vague and sometimes complex, about an alleged security incident at Apple. Each time, we conducted rigorous internal investigations based on their investigations and each time, we found absolutely no evidence supporting them. We have regularly given factual answers, refuting virtually every aspect of Apple's Bloomberg story.
We can be very clear about this: Apple has never found malicious chips, "hardware manipulations" or vulnerabilities created intentionally on a server. Apple has never had any contact with the FBI or any other agency about such an incident. We are not aware of any FBI investigations, nor are our contacts in the field of law enforcement.
In response to the latest version of Bloomberg's story, we present the following facts: Siri and Topsy have never shared servers; Siri has never been deployed on servers sold by Super Micro; and Topsy data was limited to about 2,000 Super Micro servers, not 7,000. None of these servers ever managed to contain malicious chips.
Typically, before the servers go into production at Apple, they are inspected for security vulnerabilities and we update all firmware and software with the latest protection. We did not discover any unusual vulnerabilities in the servers we purchased from Super Micro when we updated the firmware and software in accordance with our standard procedures.
We are deeply disappointed that, in their dealings with us, Bloomberg reporters have not been open to the possibility that they themselves or their sources may be wrong or misinformed. Our best guess is that they confuse their story with a previously reported incident in 2016, in which we discovered an infected driver on a single Super Micro server in one of our labs. This one-off event was deemed accidental and not a targeted attack on Apple.
Although no one has claimed that customer data was involved, we take these allegations seriously and want users to know that we are doing everything we can to protect the personal information they have entrusted to us. We also want them to know that what Bloomberg reports about Apple is inaccurate.
Apple has always been transparent about how we treat and protect data. Should an event such as Bloomberg News ever occur, we would be open about it and we would work closely with the forces of order. Apple engineers perform regular and rigorous security checks to ensure the security of our systems. We know that security is an endless race and that's why we are constantly reinforcing our systems against increasingly sophisticated hackers and cybercriminals who want to steal our data.
Check out 9to5Mac on YouTube for more information on Apple:
Source link