No evidence of spy chips, Apple insists in letter to US Congress [u]
Apple hasn't detected unusual transmissions or other evidence servers were infiltrated with Chinese spy chips, the company's VP of Information Security insisted in a letter to Congress on Sunday.
Updated on Oct. 8 with the letter itself, as well as amplifying remarks by Apple
Apple's Vice President of Information Security George Stathakopoulos penned the letter stating that the allegations about the spy chip were made by a single source, and not by Bloomberg's claim of 17 corroborating sources.
While the story was being reported, we spoke with Bloomberg's reporters and editors and answered any and all of their questions. We methodically dispelled the often-shifting nature of their claims. While we repeatedly asked them to share specific details about the alleged malicious chips that they seemed certain existed, they were unwilling or unable to provide anything more than vague secondhand accounts.
We were struck by the fact that the gravity and magnitude of the claims seemed to be undermined by their uncertainty around key details. Nevertheless, we worked tirelessly to ascertain whether these claims were true or, failing that, if anything even like them were true.
In the end, our internal investigations directly contradict every consequential assertion made in the article— some of which, we note, were based on a single anonymous source.
Apple has never found malicious chips, "hardware manipulations" or vulnerabilities purposely planted in any server. We never alerted the FBI to any security concerns like those described in the article, nor has the FBI ever contacted us about such an investigation.
Stathakopoulos promised to make himself available to brief Congressional staff.
Last Thursday, a Bloomberg report claimed that Chinese operatives had managed to sneak a microchip the size of a grain of rice onto 7,000 motherboards produced by Super Micro, which supplied those compromised parts for use in Apple's iCloud data centers. The chip, supposedly designed by the Chinese military, is said to have passed server data on to Chinese interests, and created a backdoor into public-facing networks.
Bloomberg has stuck by its story, claiming that 30 companies were affected in all, another example being Amazon. The report took over a year to produce, and 17 sources, including people inside Apple.
Two government agencies — the Department of Homeland Security, and the U.K.'s GCHQ — have cast doubt on the allegations. The Chinese government is known to regularly probe U.S. government and corporate networks, though.
The U.S. National Security Agency has itself resorted to intercepting IT infrastructure such as Cisco routers.