Department of Homeland Security chimes in on iCloud server spy chip allegations
The United States Department of Homeland Security has added to the growing chorus of voices siding with Apple and Amazon versus the blockbuster report that Apple's iCloud and Siri security was violated by a China-planted spy chip.
The statement, issued by DHS on Saturday doesn't delve into any detail about why it believes that the Bloomberg report from Thursday is flawed, and sides with Apple and Amazon in the matter.
The Department of Homeland Security is aware of the media reports of a technology supply chain compromise. Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story.
Information and communications technology supply chain security is core to DHS's cybersecurity mission and we are committed to the security and integrity of the technology on which Americans and others around the world increasingly rely.
Just this month - National Cybersecurity Awareness Month - we launched several government-industry initiatives to develop near- and long-term solutions to manage risk posed by the complex challenges of increasingly global supply chains. These initiatives will build on existing partnerships with a wide range of technology companies to strengthen our nation's collective cybersecurity and risk management efforts.
Thursday's story claimed Chinese operatives managed to sneak a microchip the size of a grain of rice onto 7000 motherboards produced by Supermicro, which supplied those compromised parts for use in Apple's iCloud data centers. The chip, supposedly designed by the Chinese military, allegedly passed the data on the servers to Chinese interests, and gave a back-door into Apple's public-facing networks to the alleged perpetrators.
After the report was published, both Apple and Amazon issued strongly worded statements very specifically refuting the claims. The denial, and continued clarifications after the fact goes well beyond anything Apple has distributed. Apple continues to categorically deny all assertions in Bloomberg's story, and offers point-by-point rebuttal to certain facts and figures.
Bloomberg is standing by its investigation — claiming 30 companies were affected, but only naming two — saying the report took more than a year to compile and involved more than 100 interviews. The publication cites 17 sources from government agencies and companies involved in the alleged hack, including senior insiders at Apple.
At least one of Bloomberg's sources appears to have changed its mind after publication.