Super Micro will check its motherboards for alleged spy chips

super micro chip
Image credit: Sangoiri / Shutterstock.com

(Reuters) – Computer hardware maker Super Micro Computer said on Monday it would review its motherboards for any proof of malicious chips as alleged in a recent media report.

“Despite the lack of any proof that a malicious hardware chip exists, we are undertaking a complicated and time-consuming review to further address the article,” the server and storage manufacturer said in a letter to its customers, dated Oct. 18.

Shares of the San Jose, California-based company rose 4.3% to $14.70 on Monday.

A Bloomberg report on Oct. 4 cited 17 unidentified sources from intelligence agencies and businesses that claimed Chinese spies had placed computer chips inside equipment used by about 30 companies, including Apple and Amazon.com and multiple US government agencies, which would give Beijing secret access to internal networks.

Super Micro denied the allegations made in the report.

The company said the design complexity makes it practically impossible to insert a functional, unauthorized component onto a motherboard without it being caught by the checks in its manufacturing and assembly process.

It is entirely plausible that a malicious chip can be placed on a motherboard but it will be at a very high cost, and the risk of detection increases with every such chip in the field, said Jake Williams, a former National Security Agency analyst and founder of the cyber security firm Rendition Infosec.

“This technique would only be used for high value targets that couldn’t be easily compromised via another attack vector,” Williams said.

The Bloomberg report also said Apple in 2015 had found malicious chips on Super Micro motherboards and added that Amazon uncovered such chips the same year while examining servers made by Elemental Technologies, which Amazon eventually acquired.

Both Apple and Amazon have denied the allegations. Apple chief executive officer Tim Cook told online news website BuzzFeed on Friday that Bloomberg should retract the story.

Amazon Web Services CEO Andy Jassy also joined Cook in asking Bloomberg to retract the report.

“Bloomberg story is wrong about Amazon, too … Reporters got played or took liberties. Bloomberg should retract,” Jassy said in a tweet on Monday.

Bloomberg had previously said it stood by its report and was confident of its reporting, which was conducted for more than a year.

Security experts as well as the US and UK authorities have said they had no knowledge of the attacks.

(By Sonam Rai; Reporting by Sonam Rai in Bengaluru; Editing by Arun Koyyur and Anil D’Silva)

Likes
Please feel free to share

Be the first to comment

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.