AWS, Apple Deny Bloomberg Report On Chinese Server Attack


Amazon Web Services and Apple are among the companies rebutting a Bloomberg report that claims Chinese spies implanted malicious hardware in servers later used by the companies.

The report alleges that server motherboards made by San Jose-based Supermicro were implanted with microchips that were intended to steal sensitive data for China.

The compromised hardware ended up at companies including AWS and Apple, and was discovered by the companies through their own investigations—leading to further probes along with the FBI, according to Bloomberg.

Amazon, Apple and Supermicro have denied the report’s claims in lengthy statements shared with Bloomberg. CRN has reached out to the companies for comment.

"We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg's story relating to Apple," Apple said in part of its response to Bloomberg. "On this we can be very clear: Apple has never found malicious chips, 'hardware manipulations' or vulnerabilities purposely planted in any server."

Amazon's statement contends in part that it's "untrue that AWS knew about servers containing malicious chips or modifications in data centers based in China, or that AWS worked with the FBI to investigate or provide data about malicious hardware."

In a statement from AWS chief information security officer Steve Schmidt posted on the AWS website, the Amazon unit added that key claims of the Bloomberg story are "untrue."

"There are so many inaccuracies in this article as it relates to Amazon that they’re hard to count," AWS said.

Supermicro's statement says that "we are not aware of any investigation regarding this topic nor have we been contacted by any government agency in this regard." Meanwhile, Supermicro’s stock plunged on Thursday by more than 50 percent to $9.90 after the report was published.

The Bloomberg report claims that the incident was behind Apple's halting of its relationship with Supermicro in 2016--a claim that Apple also denied in its statement to Bloomberg.

"Our best guess is that they are confusing their story with a previously-reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs," Apple said in its statement. "That one-time event was determined to be accidental and not a targeted attack against Apple."