In last weekend’s column we discussed Bloomberg Businessweek’s recent, explosive report alleging that Chinese spies had planted surveillance chips on the motherboards of computer servers that ended up inside more than two dozen companies, including Amazon and Apple. Just about all of the parties named in the piece issued strong denials. I urged readers to approach the story with skepticism. “It’s likely there is truth in the piece, but in which parts remains an open question,” I wrote.
A week later, I remain deeply troubled by this story—not because of its substance, but because of its lack of substantiation. It seems a little odd that no one has reported identifying a single one of these spy chips in the wild since Bloomberg’s report appeared, no? Wouldn’t it have been easy for any companies using servers containing components from Supermicro, the company whose products were allegedly backdoored, to send an engineer into a data center, pry open a server, pluck out an offending implant, and reveal China’s alleged subterfuge to the world? Instead, we hear cricket chirps.
While this absence of evidence is not enough to debunk the report, it does raise doubts. Besides, wouldn’t it be easier for spies simply to meddle with Supermicro’s notoriously buggy firmware? This approach would achieve the same results and be far less complicated to pull off logistically. Plus, it would leave no trace.
Further developments related to the report’s publication give me pause. Joe Fitzpatrick, a hardware hacking expert and one of the only named sources in the piece, said he finds the story implausible....MORE
Wednesday, October 17, 2018
Doubts Swirl Around Bloomberg‘s China Chip Hack Report.
From Fortune, Oct. 14: