Supermicro says independent investigation found no spy chips on its motherboards  - supermicro - Supermicro says independent investigation found no spy chips on its motherboards

San Jose-based server manufacturer Supermicro has written to its customers to tell them that an audit has found no evidence that malicious chips were planted on its motherboards.

The claims that Supermicro’s servers, used by the likes of Apple and Amazon, had been interfered with by the Chinese somewhere along its supply chain first surfaced in October in an extraordinary report from Bloomberg Business Week.

The claim, which Bloomberg claimed had been confirmed by umpteen unnamed current and former senior national officials, as well as insiders at Apple and Amazon, was treated with caution by many members of the security community.

That caution turned into increasing skepticism as Amazon, Apple contested the accuracy of the Bloomberg report.

It certainly felt unlikely that the companies would deny the allegations quite so vehemently if there was a grain of truth in them.

Even the Department of Homeland Security and the UK’s GCHQ issued statements, backing Amazon and Apple in its refutations of the allegations.

In a letter to customers made public yesterday, Supermicro explains that it asked Nardello & Co., a third-party , to conduct an independent audit of its hardware, testing both its current motherboards as well as ones that it had previously sold to Apple and Amazon.

What did the find? Nothing.

Supermicro letter  - supermicro letter - Supermicro says independent investigation found no spy chips on its motherboards

“As we have stated repeatedly since these allegations were reported, no government agency has ever informed us that it has found malicious hardware on our products; no customer has ever informed us that it found malicious hardware on our products; and we have never seen any evidence of malicious hardware on our products.”

After thorough examination and a range of functional tests, the investigations firm found absolutely no evidence of malicious hardware on our motherboards.”

It certainly feels like the ball is in the court of Bloomberg. Surely the onus is on them to produce some physical evidence of a tampered motherboard that can be examined by an independent neutral expert. If they are unable to do that, suspicions will continue to grow that the integrity of the journalists who worked on the Bloomberg story is in question.

So what is Bloomberg saying?

Not much as it happens. A brief article has been published, noting that the third-party test has found no evidence of mischief on Supermicro’s motherboards but – perhaps tellingly – the most they feel comfortable saying is:

“Bloomberg Businessweek has previously said that it stands by its story.”

Note the wording. “Previously said”. What about now? Was Bloomberg unable to get an updated quote from Bloomberg? Something makes me think that Bloomberg just wants this story to go away…

Supermicro has also made a short video about its quality assurance processes to further reassure customers.

- aa9ea0686c5d1aa9086d4b12c3aa05f2 s 80 d mm r g - Supermicro says independent investigation found no spy chips on its motherboards

About the author, Graham Cluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.

Follow @gcluley





Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here