Super Micro disputes Bloomberg's chip-hack story in a recent letter to customers




In a letter to customers last week, Super Micro Computer (dba Supermicro) criticized a Bloomberg article alleging that the company's motherboards contained a secret chip inserted by the Chinese government for cyber espionage purposes.

"We are convinced that a recent article, which claims that a malicious hardware chip has been implanted during the manufacturing process of our motherboards, is wrong," begins Super Micro's letter.

The company said it "is now undertaking a complicated and tedious review to better address this article."

"We hope you will appreciate the difficulty of proving that something did not happen, even though the reporters did not produce any affected motherboards or malicious hardware chips," the letter continues.

The San Diego-based hardware maker is struggling to keep its business afloat. The Bloomberg article sent Super Micro's share price down by about 55% after its publication, and the stock has barely recovered.

The company denied the Bloomberg report from the beginning, and then again last week, in an answer to two US senators seeking clarification on the Bloomberg report.

The Bloomberg article also claimed that Super Micro motherboards were found in the server infrastructure of government agencies and more than 30 companies, including Apple and Amazon.

Apple, Amazon, DHS and GCHQ also vehemently denied the initial report, saying they had seen no evidence of it or accusing Bloomberg's journalists of misinterpreting the facts.

And more and more denials continued to accumulate over time.

Rob Joyce, acting advisor on homeland security, said the Bloomberg report caused distraction in the US government, which wasted resources.

National Intelligence Director Dan Coats also said that he had not seen any evidence of Chinese actors tampering with Super Micro motherboards.

Even one of the security experts cited in Bloomberg's article cast doubt on the original story.

Members of a reputed and respected IT community devoted to servers and storage hardware also described the Bloomberg article as "technically inaccurate" in a five-page report released this week.

Through all this, Bloomberg has chosen to stand alongside its journalists and their article.

All of these denials, together with the lack of technical details in the original Bloomberg article, have changed public opinion of the original report, which most computer experts now consider imperfect or totally inaccurate.

Apple CEO Tim Cook even asked Bloomberg to revisit its story last week. Andy Jassy, CEO of Amazon's Web Services division, joined him this week.

But among all these denials, it is the letter that Super Micro sent to its customers that amounts to the strongest rejection of Bloomberg's report.

The letter refers to the entire article as a "technical improbability" and a "fake", but Super Micro is not content to officially request a retraction.

The following are the most important excerpts from the letter, in which Super Micro describes its manufacturing process and explains why the company believes that a malicious chip would not go unnoticed because of its multi-layered approach to the motherboard assembly process.

[…] we test our products every step of the way. We check each card, each layer and each panel, as well as the visual and functional design of the card, throughout the manufacturing process. Every card we make is supervised by Supermicro, including multiple layers of testing, from design to delivery.

Our process requires in particular the inspection of the structure and components of each product at the beginning and end of each stage of manufacture and assembly. Our employees are on site with our subcontractors throughout the process. These inspections include several automated optical inspections, visual inspections and other functional inspections. We also periodically use spot checks and x-ray scans of our motherboards, as well as regular audits of our subcontractors. Our testing processes at every step are not only designed to verify functionality, but also to verify the integrity and composition of our designs and to alert us of any anomalies in the basic design.

Our motherboard designs are extremely complex. This complexity makes it virtually impossible to insert an unauthorized functional component on a motherboard without it being intercepted by one or the other of our manufacturing and assembly process controls. The complex design of the underlying layers of the map also makes the correct operation of an unauthorized hardware component, or altered card, very improbable.

Our motherboard technology involves multiple layers of circuitry. It would be virtually impossible for a third party, during the manufacturing process, to install and power a hardware device capable of effectively communicating with our motherboard controller, as this third party would lack complete knowledge. These drawings are trade secrets protected by Supermicro. The system is designed so that no employee, no team or no Supermicro contractor will have unrestricted access to the complete design of the motherboard (hardware, software and firmware included).

[…]

Our manufacturing process is designed to prevent unauthorized physical modification of our motherboards by our subcontractor manufacturers or anyone else at Supermicro. The motherboard design is systematically compartmentalized throughout the supply chain and within Supermicro in order to maintain product safety and integrity. No part of the manufacturing process, aside from Supermicro, has complete information on the design of our motherboards during our multi-step production process. Even at Supermicro, the system is designed so that no employee or team has unrestricted access to the entire design.

Each of our subcontractors has only the entire technical design of the motherboard to be able to do its share of the manufacturing process. Changes to the design plan must be confirmed with Supermicro, who then transfers them to those downstream of the manufacturing process. If only one contractor attempts to modify the designs, the manufacturing process is structured so that these changes do not match the other design elements of the manufacturing process. It is therefore almost impossible for anyone to add an unauthorized hardware component that may be out of detection and working properly.

[…]

For these reasons, we are convinced that these allegations are false.

A copy of the full letter is available here, as part of the company's SEC filing made last week.
