Super Micro audit is complete showing no signs of spy chips on its motherboards

[Matrix]

 

 

Bottom line: There is still no evidence that China managed to place spy chips on motherboards used by American companies. Investigations by a third-party firm have not found any reason to believe that motherboard designs have been tampered with.

In early October, Bloomberg published a piece claiming that China was using spy chips implanted onto motherboards produced by Super Micro to steal information from Apple, Amazon, and others. Super Micro has concluded its investigations into the matter and has sent notice to its customers that no evidence of malicious hardware has been found.

From the start, Super Micro has denied all claims of attacks on its supply chain. Investigative firm Nardello & Co was responsible for examining motherboards that are currently in production. Models that have been sold to Apple and Amazon were also thoroughly analyzed.

Audits on design files and software were also performed to ensure that all components being shipped were indeed legitimate. Both Apple and Amazon as well as government officials from the United States and United Kingdom have all denied any knowledge that the hardware implants described by Bloomberg exist. Tim Cook even went as far as directly calling for a retraction by Bloomberg.

Now that an investigation has been completed, Super Micro is still going over some of its legal options. No information has been shared to indicate whether the company plans to take action against Bloomberg for impacting reputation and costs of the investigation. Apple and Amazon have not made any new comments regarding the lack of evidence found.

Despite the fact that no evidence of tampering was found, the entire ordeal has at least raised awareness of the possibility of supply chain attacks. When a large number of products are produced by contract manufacturers without close supervision, it would not be difficult for a small number of units to be shipped with without going through any form of quality control checks or validations to confirm a design exactly matches its intended specifications.

 Original Article.

 

[The AchieVer]

Super Micro Says No Evidence Found Of Spying Chips Embedded In Its Motherboards

 

Are Super Micro server motherboards safe from Chinese spies? A recent audit has determined that the Super Micro motherboards are indeed free of malicious microchips, running contrary to an explosive Bloomberg Businessweek article that made waves in early October. The company sent a letter to its customers and assured them that “no evidence” has been found of wrongdoing. 

A report from Bloomberg claimed that that Chinese spies had planted malicious microchips on Super Micro motherboards. These microchips supposedly created a “stealth doorway into any network that included the altered machines”. They were reportedly placed by agents of the People’s Liberation Army, the armed forces of the People's Republic of China and Communist Party of China, during the manufacturing process. The motherboards were reportedly used in American data centers by companies like Apple and Amazon. 
 

 

Image from Super Micro 

So, who allegedly found evidence of these spying microchips that prompted the original report? In 2015, Amazon was considering acquiring Elemental Technologies, an Oregon-based software company. Amazon hired a third-party company to evaluate Elemental’s security and supposedly discovered the microchips. 

Bloomberg's report was incredibly controversial. Apple and Amazon conducted their own audits and insisted that no microchips had been found. The United States Department of Homeland Security (DHS) supported their statements and concluded that they had “no reason to doubt” Apple and Amazon’s assertions. The companies also demanded that the story be retracted.

 

Super Micro hired Nardello & Co., a global investigation company, to conduct an audit. The company tested both motherboards that are currently in production and ones that had been sold in the past. They were unable to corroborate Bloomberg’s report. Super Micro recently stated, “As we have stated repeatedly since these allegations were reported.... and we have never seen any evidence of malicious hardware on our products.” 

It is unclear what will happen next. Super Micro’s shares dropped 41% immediately after the publication of the report. Shares have somewhat recovered, but the company is still dealing with the aftermath. Super Micro has also stated that its is “reviewing their legal options”, but it has not given any more details. 

Bloomberg has neither retracted its report nor provided any further proof. The publication claimed that its reporting could be verified by seventeen individuals, including four U.S. officials, but no one has offered any additional evidence. It will interesting to see what legal steps Super Micro will take to clear their name and receive compensation

 

Source