UK cyber security agency backs Apple, Amazon China hack denials

Lenovo whose products include virtual reality glasses was among Asian technology companies whose shares fell

Lenovo whose products include virtual reality glasses was among Asian technology companies whose shares fellPAU BARRENA AFP GETTY IMAGES

However, Apple, Supermicro, and AWS have denied the allegations, with Apple publishing an unambiguous statement that completely rejects the notion of malicious chips being found in any servers.

When the story broke last week, though, the U.S. intelligence agencies were quiet, but the Department of Homeland Security stepped in over the weekend to say that although the agency is aware of Bloomberg's report, it has "no reason to doubt" the statements made by the two companies. "The NCSC engages confidentially with security researchers and urges anybody with credible intelligence about these reports to contact us".

Both Amazon and Apple strongly refute the story.

"The Department of Homeland Security is aware of the media reports of a technology supply chain compromise", the agency said. According to Bloomberg, these servers wound up in the data centers of nearly 30 companies, including Apple and Amazon.

Sports world reacts after Drew Brees sets the NFL's all-time passing record
As the Superdome crowd gave Brees a standing ovation, he removed his helmet and hugged his wife Brittany and their four children. He actually began the evening third on the all-time list and passed Brett Favre (71,838 yards) on Monday, as well.

The Bloomberg report claimed that the chips, which were the size of a pencil tip and allegedly ended up in server boards used by nearly 30 companies as well as government agencies, compromised entire data centres operated by Amazon and Apple. "Apple's proprietary security tools are continuously scanning for precisely this kind of outbound traffic, as it indicates the existence of malware or other malicious activity", it stated. As the Register wrote, Apple and Amazon's denials were unusually firm, and it's possible that government sources overplayed the threat-though the site also found it "inconceivable that [Bloomberg] would publish a story this huge that wasn't watertight".

Apple and Amazon, the largest two companies which were connected to the allegedly affected supplier Super Micro, issued strong denials in response to the report last week. In addition, he notes that there are "many operational issues" using "non-directed HW [hardware] backdoors at scale as described [in the report]". This is what had been alleged in a recent article by Bloomberg BusinessWeek. DHS said they have no reason to doubt them or believe otherwise.

Apple contested the Bloomberg report on Thursday, saying its own internal investigations found no evidence to support the story's claims and that neither the company, nor its contacts in law enforcement, were aware of any investigation by the FBI on the matter.

"In essence, this story seems to pass the sniff test", says Theo Markettos, who is on the security team at Cambridge University's Computer Lab. "If I wanted to do this, this is how I'd do it".

Latest News