UK cyber security agency backs Apple, Amazon China hack denials

The U.S. and Chinese flags side by side

The U.S. and Chinese flags side by side

However, Apple, Supermicro, and AWS have denied the allegations, with Apple publishing an unambiguous statement that completely rejects the notion of malicious chips being found in any servers.

When the story broke last week, though, the U.S. intelligence agencies were quiet, but the Department of Homeland Security stepped in over the weekend to say that although the agency is aware of Bloomberg's report, it has "no reason to doubt" the statements made by the two companies. "The NCSC engages confidentially with security researchers and urges anybody with credible intelligence about these reports to contact us".

Both Amazon and Apple strongly refute the story.

"The Department of Homeland Security is aware of the media reports of a technology supply chain compromise", the agency said. According to Bloomberg, these servers wound up in the data centers of nearly 30 companies, including Apple and Amazon.

In Brazil’s election, the traditional political class is wiped out
He reportedly said to a female congresswoman, publicly, that he would not sexually assault her because she was not worthy of him . He will face leftist Fernando Haddad , the former mayor of São Paulo, in a second round of voting on October 28.

The Bloomberg report claimed that the chips, which were the size of a pencil tip and allegedly ended up in server boards used by nearly 30 companies as well as government agencies, compromised entire data centres operated by Amazon and Apple. "Apple's proprietary security tools are continuously scanning for precisely this kind of outbound traffic, as it indicates the existence of malware or other malicious activity", it stated. As the Register wrote, Apple and Amazon's denials were unusually firm, and it's possible that government sources overplayed the threat-though the site also found it "inconceivable that [Bloomberg] would publish a story this huge that wasn't watertight".

Apple and Amazon, the largest two companies which were connected to the allegedly affected supplier Super Micro, issued strong denials in response to the report last week. In addition, he notes that there are "many operational issues" using "non-directed HW [hardware] backdoors at scale as described [in the report]". This is what had been alleged in a recent article by Bloomberg BusinessWeek. DHS said they have no reason to doubt them or believe otherwise.

Apple contested the Bloomberg report on Thursday, saying its own internal investigations found no evidence to support the story's claims and that neither the company, nor its contacts in law enforcement, were aware of any investigation by the FBI on the matter.

"In essence, this story seems to pass the sniff test", says Theo Markettos, who is on the security team at Cambridge University's Computer Lab. "If I wanted to do this, this is how I'd do it".

Latest News