Apple reportedly launched a wide-reaching internal investigation into an explosive report claiming Chinese spies compromised its servers in what boils down to a complex supply chain hack, but came up empty in its examination.
Graphic illustrating size of supposed Chinese spy chip allegedly embedded in Apple servers. | Source: Bloomberg Businessweek
Citing multiple high-ranking Apple executives who spoke on the matter anonymously, BuzzFeed News reports the company conducted a "massive, granular, and siloed investigation" into claims leveled in a recent Bloomberg Businessweek report. The Bloomberg story, published Thursday, alleges servers used by nearly 30 tech firms including Apple and Amazon were compromised as part of an elaborate Chinese intelligence operation uncovered in 2015.
Not only did Apple's investigation find no evidence of the hardware tampering in question, but it also failed to identify unrelated incidents that could have contributed to Bloomberg's claims, the report said.
"We tried to figure out if there was anything, anything, that transpired that's even remotely close to this," a senior Apple security executive said, according to BuzzFeed News. "We found nothing."
A security engineer involved in the investigation said they had never seen a microchip resembling the component described in the Bloomberg report.
Thursday's story claimed Chinese operatives managed to sneak a microchip the size of a grain of rice onto motherboards produced by Supermicro, which supplied the parts for use in Apple's iCloud data centers. The chip, supposedly designed by the Chinese military, was said to act as a "stealth doorway onto any network" and offered "long-term stealth access" to attached computer systems.
"I don't know if something like this even exists," the unnamed Apple engineer said. The person went on to note that Bloomberg did not produce material for Apple to examine in efforts to corroborate the report. "We were given nothing. No hardware. No chips. No emails."
Another Apple executive, a senior member of the company's legal team, said it had not been in contact with government agencies purportedly investigating the matter. Bloomberg in its report claims Apple informed the FBI of "suspicious chips" found in Supermicro servers around May 2015 after "detecting odd network activity and firmware problems."
The executive reiterated Apple's public statement on the matter, saying the company is not bound by a confidentiality agreement or gag order.
Apple appears to have exhausted all avenues in its investigation, and sources told BuzzFeed News the company believes there is little else it can do at this juncture.
Just hours after the Bloomberg report was published, both Apple and Amazon issued strongly worded statements refuting the claims in no uncertain terms. As BuzzFeed News points out, the denial is unlike anything Apple has distributed, including a precisely worded counter to claims that it participated in the U.S. government's PRISM surveillance program in 2013. The company uses broad language to categorically deny all assertions in Bloomberg's story, and offers point-by-point rebuttal to certain facts and figures.
Amazon's response struck a similar tone.
For its part, Bloomberg is standing by its investigation, saying the report took more than a year to compile and involved more than 100 interviews. The publication cites 17 sources from government agencies and companies involved in the alleged hack, including senior insiders at Apple.
With both sides refusing to stand down the issue has become a matter of "he said, she said." It is unclear how, or even if, the allegations can be disproven, as Bloomberg has yet to produce conclusive evidence of the scheme beyond information from anonymous sources.