The United States Department of Homeland Security has added to the growing chorus of voices siding with Apple and Amazon versus the blockbuster report that Apple's iCloud and Siri security was violated by a China-planted spy chip.
The statement, issued by DHS on Saturday doesn't delve into any detail about why it believes that the Bloomberg report from Thursday is flawed, and sides with Apple and Amazon in the matter.
The Department of Homeland Security is aware of the media reports of a technology supply chain compromise. Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story.Information and communications technology supply chain security is core to DHS's cybersecurity mission and we are committed to the security and integrity of the technology on which Americans and others around the world increasingly rely.
Just this month - National Cybersecurity Awareness Month - we launched several government-industry initiatives to develop near- and long-term solutions to manage risk posed by the complex challenges of increasingly global supply chains. These initiatives will build on existing partnerships with a wide range of technology companies to strengthen our nation's collective cybersecurity and risk management efforts.
Thursday's story claimed Chinese operatives managed to sneak a microchip the size of a grain of rice onto 7000 motherboards produced by Supermicro, which supplied those compromised parts for use in Apple's iCloud data centers. The chip, supposedly designed by the Chinese military, allegedly passed the data on the servers to Chinese interests, and gave a back-door into Apple's public-facing networks to the alleged perpetrators.
After the report was published, both Apple and Amazon issued strongly worded statements very specifically refuting the claims. The denial, and continued clarifications after the fact goes well beyond anything Apple has distributed. Apple continues to categorically deny all assertions in Bloomberg's story, and offers point-by-point rebuttal to certain facts and figures.
Bloomberg is standing by its investigation — claiming 30 companies were affected, but only naming two — saying the report took more than a year to compile and involved more than 100 interviews. The publication cites 17 sources from government agencies and companies involved in the alleged hack, including senior insiders at Apple.
At least one of Bloomberg's sources appears to have changed its mind after publication.
46 Comments
I have a hard time believing that policy makers would be dumb enough to bet against Apple and Amazon inspecting the chips that go into their equipment. If something like this is ever documented, the company that does it will be driven into bankruptcy, and it will mark the beginning of the end for China’s electronics industry.
AI: "Thursday's story claimed Chinese operatives managed to sneak a microchip the size of a grain of rice onto 7000 motherboards produced by Supermicro, which supplied those compromised parts for use in Apple's iCloud data centers."
Didn't Bloomberg actually say it wasn't known if any of the 7000 servers already in use were compromised? I don't them saying anywhere in the article that they were, only that Apple had 7000 in use that potentially could have been. Of note Apple claims no servers were sent back to Supermicro, but in 2015 the supplier themselves said exactly that, Apple was returning recently purchased servers. No reason for Supermicro to say Apple sent servers back unless they had.
Maybe Bloomberg should be sued....