Spy chips on servers? Lessons learned (and questions to ask)

Credit to Author: Ryan Faas| Date: Sat, 06 Oct 2018 04:17:00 -0700

On Thursday, Bloomberg Businessweek published an in-depth report alleging that Chinese suppliers for server hardware company Supermicro had placed microchips onto motherboards ordered by the San Jose-based company that were later sold to fill orders from as many as 30 customers. 

That customer list included Apple and Amazon, two of the world’s wealthiest companies – both achieved a $1 trillion market cap earlier this year. Apple and Amazon reportedly found the chips, contacted law enforcement and did not publicize their findings. Apple is alleged to have alerted the FBI to the issue, but declined to provide any suspect materials. 

Both companies, along with Supermicro have vehemently denied the claims made in the report. And government agencies in the U.S. and U.K. have voiced support for Apple’s and Amazon’s statements. 

According to the report, Apple uncovered the implants in its datacenter by spotting network traffic and firmware issues. Having discovered the chips, Apple canceled orders for additional Supermicro hardware (supposedly for 30,000 or more servers) and quietly removed around 7,000 existing systems from its data centers.

To continue reading this article register now

http://www.computerworld.com/category/security/index.rss