UK: No reason to doubt Apple and Amazon denial of Supermicro hack
The UK’s National Cyber Security Center has said it sees no reason to doubt Apple and Amazon’s statement that a recent report of a malicious Chinese chip on Supermicro server motherboards is false.
In its response to the news agency, the UK’s NCSC said it is aware of media reports and “sees no reason to question the detailed estimates made by Apple and Amazon Web Services.” It goes on to say, “The NCSC maintains confidentiality with security researchers and urges anyone with credible evidence of these messages to contact them.” The NCSC is part of the GCHQ, a British intelligence service.
Following Bloomberg’s release on Thursday, Apple and Amazon have both released responses. In it, for example, Apple writes that it has been approached several times by Bloomberg over the past year with “claims that were sometimes vague and sometimes extensive.” Each time, the company allegedly launched a “rigorous investigation,” but claims to have come across no evidence to support those claims. “Apple has never found malicious chips, hardware modifications, or deliberate vulnerabilities in any server.”
The denial posted by Amazon on its Web Services blog carries a similar purport. This company also claims to have never discovered modified hardware or malicious chips in its servers. Like Apple, the company denies having cooperated with the government in an investigation.
Citing several sources, the Bloomberg publication claimed that the Chinese government gained access to US companies, including the financial news agency itself, through a malicious chip on Supermicro server motherboards. The chip could contact servers over the Internet to receive instructions and, in addition, would have been able to modify the software.