Spy chips on servers? Lessons learned (and questions to ask)

The revelations this week – hotly denied by Apple and Amazon – that Chinese server suppliers had planted microchips on motherboards – raises a lot of questions. Here are the ones companies should be asking now.

security threats and vulnerabilities

On Thursday, Bloomberg Businessweek published an in-depth report alleging that Chinese suppliers for server hardware company Supermicro had placed microchips onto motherboards ordered by the San Jose-based company that were later sold to fill orders from as many as 30 customers. 

That customer list included Apple and Amazon, two of the world’s wealthiest companies – both achieved a $1 trillion market cap earlier this year. Apple and Amazon reportedly found the chips, contacted law enforcement and did not publicize their findings. Apple is alleged to have alerted the FBI to the issue, but declined to provide any suspect materials. 

Both companies, along with Supermicro have vehemently denied the claims made in the report. And government agencies in the U.S. and U.K. have voiced support for Apple's and Amazon’s statements. 

According to the report, Apple uncovered the implants in its datacenter by spotting network traffic and firmware issues. Having discovered the chips, Apple canceled orders for additional Supermicro hardware (supposedly for 30,000 or more servers) and quietly removed around 7,000 existing systems from its data centers.

I have no inside information as to the veracity of the claim or Apple’s rebuttals. Several Apple-focused publications have raised doubt about Bloomberg’s findings, though Cult of Mac has published a report with a former Apple engineer who claims that the Bloomberg conclusions are plausible. 

To continue reading this article register now

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon