Super Micro Computer said in a letter to customers last week it will review its hardware for any proof of malicious chips as alleged in a recent media report, but that such a hack would be “practically impossible” to pull off.
“Despite the lack of any proof that a malicious hardware chip exists, we are undertaking a complicated and time-consuming review to further address the article,” the company said in a letter to its customers dated Oct. 18.
A Bloomberg Businessweek story on Oct.4 cited 17 unidentified sources from intelligence agencies and businesses that claimed Chinese spies had placed computer chips inside equipment used by about 30 companies, including Apple and Amazon and multiple U.S. government agencies, which would give Beijing secret access to internal networks.
Super Micro denied the allegations made in the report and outlined in its letter to customers how complex such a hack would be.
Not only would the alleged Chinese hackers need to skirt past regular testing, Super Micro executives wrote that the unauthorized hardware would make it “highly unlikely” for their motherboards to actually function. Even if the supposed hackers were Super Micro employees rather than contractors, “no single employee or team has unrestricted access to the entire design” of their motherboards, the letter says. The letter also says it would’ve been difficult for companies in Super Micro’s supply chain to modify motherboards because suppliers do not have access to Super Micro’s full designs.
Apple and Amazon have both denied claims in the Bloomberg report that they had found out about the chips in 2015. Apple CEO Tim Cook strongly denied the allegations of malicious hardware in its technology in a Buzzfeed News article published Friday. He also called for Bloomberg to retract the story.
Bloomberg, however, said it stood by its report and was confident of its reporting, which was conducted over more than a year.
Security experts as well as the U.S. and U.K. authorities have said they had no knowledge of the attacks.
Reuters contributed to this report.