|
Title: Apple Denies Report Claiming Chinese Spies Planted Microchips in iCloud Servers Post by: HCK on October 09, 2018, 04:05:08 pm Apple Denies Report Claiming Chinese Spies Planted Microchips in iCloud Servers
Bloomberg Businessweek today reports (https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies) that around three years ago, the Chinese military began inserting microchips on Supermicro server motherboards while they were being manufactured in China, providing the Chinese government with a stealth doorway into any network that used the tampered hardware. <img src="(http://cdn.macrumors.com/article-new/2018/10/bloomberg-businessweek-supermicro.jpg)" alt="" width="600" height="799" class="aligncenter size-full wp-image-659156" /> The report cites an official who said investigators found the attack eventually affected nearly 30 companies, including Apple and Amazon, along with a major bank and government contractors in the United States. The microchip was placed on the motherboards in a way that allowed it to inject its own code or alter the order of the instructions the CPU was meant to follow, according to the report. One government official said China's goal was "long-term access to high-value corporate secrets and sensitive government networks." No consumer data is known to have been stolen, according to the report, but the extent of the attack appears to be unclear. Apple was a longtime Supermicro customer, with plans to order more than 30,000 of its server motherboards in two years for its global network of data centers, which power services like the App Store (https://www.macrumors.com/roundup/app-store/) and Siri (https://www.macrumors.com/roundup/siri/). Documents seen by Businessweek show that in 2014, Apple planned to order more than 6,000 Supermicro servers for installation in 17 locations, including Amsterdam, Chicago, Hong Kong, Los Angeles, New York, San Jose, Singapore, and Tokyo, plus 4,000 servers for its existing North Carolina and Oregon data centers. Those orders were supposed to double, to 20,000, by 2015.The report claims Apple had around 7,000 of the motherboards in its data centers when its security team came across the microchips. Apple reportedly discovered the suspicious chips on the motherboards around May 2015, after detecting odd network activity and firmware problems. Two senior Apple insiders were cited as saying the company reported the incident to the FBI, but kept details about what it had detected tightly held. The insiders cited in the report said in the summer of 2015, a few weeks after Apple identified the malicious chips, the company started removing all Supermicro servers from its data centers. Every one of the 7,000 or so Supermicro servers was replaced in a matter of weeks, according to one of the insiders. In a strongly-worded statement (https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond), Apple denied Bloomberg Businessweek's report: Over the course of the past year, Bloomberg has contacted us multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident at Apple. Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them. We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg's story relating to Apple.Amazon also denied the report (https://aws.amazon.com/blogs/security/setting-the-record-straight-on-bloomberg-businessweeks-erroneous-article/), while Supermicro said it remains unaware of any such investigation. Chinese officials did not directly address the report, stating that "supply chain safety in cyberspace is an issue of common concern, and China is also a victim." However, in addition to the three Apple insiders, the report says four of six U.S. officials confirmed that Apple was a victim. Apple did acknowledge a 2016 incident in which it discovered an infected driver on a single Supermicro server in one of its labs. Apple said that one-time event was determined to be accidental and not a targeted attack. Early last year, The Information reported that Apple cut ties with Supermicro in 2016 (https://www.macrumors.com/2017/02/23/apple-ends-relationship-with-super-micro/) after unearthing a security vulnerability in at least one of its servers, which seems to be the incident that Apple is referring to in its statement. Apple has since moved on to other server suppliers, including ZT Systems and Inspur. <small>Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues (http://forums.macrumors.com/forumdisplay.php?f=47) forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.</small> <div class="linkback">Tag: China (https://www.macrumors.com/roundup/china/)</div> Discuss this article (https://forums.macrumors.com/threads/apple-denies-supermicro-china-hacking-report.2145477/) in our forums <div class="feedflare"> <img src="http://feeds.feedburner.com/~ff/MacRumors-Front?d=yIl2AUoC8zA" border="0"></img> (http://feeds.macrumors.com/~ff/MacRumors-Front?a=wj43ec1F5W4:amzG45hILUM:yIl2AUoC8zA) <img src="http://feeds.feedburner.com/~ff/MacRumors-Front?d=6W8y8wAjSf4" border="0"></img> (http://feeds.macrumors.com/~ff/MacRumors-Front?a=wj43ec1F5W4:amzG45hILUM:6W8y8wAjSf4) <img src="http://feeds.feedburner.com/~ff/MacRumors-Front?d=qj6IDK7rITs" border="0"></img> (http://feeds.macrumors.com/~ff/MacRumors-Front?a=wj43ec1F5W4:amzG45hILUM:qj6IDK7rITs) </div><img src="http://feeds.feedburner.com/~r/MacRumors-Front/~4/wj43ec1F5W4" height="1" width="1" alt=""/> Source: Apple Denies Report Claiming Chinese Spies Planted Microchips in iCloud Servers (https://www.macrumors.com/2018/10/04/apple-denies-supermicro-china-hacking-report/) |