Bloomberg said the chips were installed during the manufacturing process, with US officials reportedly calling it "the most significant supply chain attack known to have been carried out against American companies". We've found no evidence to support claims of malicious chips or hardware modifications. In addition to large USA companies, the motherboards also were used by Defense Department data centers and Central Intelligence Agency drone operations.
However, Bloomberg says the denials are in direct contrast to the testimony of six current and former national security officials, as well as confirmation by 17 anonymous sources which said the nature of the Supermicro compromise was accurate.
Amazon, Apple and Super Micro have all denied Bloomberg's report. We did not uncover any unusual vulnerabilities in the servers we purchased from Super Micro when we updated the firmware and software according to our standard procedures.
Apple took Bloomberg to task, saying the agency had contacted it "multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident".
According to the report, Chinese spies placed microchips the size of a sharpened pencil tip in the Chinese-manufactured servers of one of the most prolific server-providers in the world, Supermicro. The company first discovered the chips in Supermicro servers in May 2015 and informed the Federal Bureau of Investigation about it. Apple planned on using these servers from Supermicro for its iCloud services.
Back when it was still developing Prime Video, Amazon aimed to and later did acquire Elemental Technologies, a startup whose video-streaming software had already landed it a Central Intelligence Agency contract. The report alleges that operatives masquerading as Super Micro employees or government representatives approached people working at four particular factories to request design changes to the motherboards to include the extra chips. We also want them to know that what Bloomberg is reporting about Apple is inaccurate.
In unusually robust on the record statements, the two trillion dollar tech companies said they know nothing about Chinese spies planting rice grain-sized microchips in hardware that reached 30 major American companies.
Amazon reportedly discovered the issue in 2015 while researching an acquisition target, the video service firm Elemental. Bloomberg quoted "three senior insiders" as saying they had also discovered the tiny chips, which Bloomberg said were much smaller than a penny and were created to transmit information back to China about the data flowing across the servers. A secret investigation remains open three years later. United States investigators, including the Federal Bureau of Investigation, declined to comment. Apple never had any contact with the Federal Bureau of Investigation or any other agency about such an incident.
If these spy chip allegations really did happen, why would Apple and Amazon deny it?
China's Ministry of Foreign Affairs called the story a "gratuitous accusation" and said the safety of supply chains was an "issue of common concern".