ReutersOct 23, 2018 10:37:08 IST
“Despite the lack of any proof that a malicious hardware chip exists, we are undertaking a complicated and time-consuming review to further address the article,” the server and storage manufacturer said in a letter to its customers, dated 18 October.
Shares of the San Jose, California-based company rose 4.3 percent to $14.70 on 22 October.
A Bloomberg report on 4 October cited 17 unidentified sources from intelligence agencies and businesses that claimed Chinese spies had placed computer chips inside equipment used by about 30 companies, including Apple and Amazon and multiple US government agencies, which would give Beijing secret access to internal networks.
Super Micro denied the allegations made in the report.
The company said the design complexity makes it practically impossible to insert a functional, unauthorized component onto a motherboard without it being caught by the checks in its manufacturing and assembly process.
It is entirely plausible that a malicious chip can be placed on a motherboard but it will be at a very high cost, and the risk of detection increases with every such chip in the field, said Jake Williams, a former National Security Agency analyst and founder of the cybersecurity firm Rendition Infosec.
“This technique would only be used for high-value targets that couldn’t be easily compromised via another attack vector,” Williams said.
The Bloomberg report also said Apple in 2015 had found malicious chips on Super Micro motherboards and added that Amazon uncovered such chips the same year while examining servers made by Elemental Technologies, which Amazon eventually acquired.
Both Apple and Amazon have denied the allegations. Apple chief executive officer Tim Cook told online news website BuzzFeed on 19 October that Bloomberg should retract the story.
Amazon Web Services CEO Andy Jassy also joined Cook in asking Bloomberg to retract the report.
“Bloomberg story is wrong about Amazon, too ... Reporters got played or took liberties. Bloomberg should retract,” Jassy said in a tweet on Monday.
Bloomberg had previously said it stood by its report and was confident of its reporting, which was conducted for more than a year.
Security experts, as well as the US and UK authorities, have said they had no knowledge of the attacks.
Tech2 is now on WhatsApp. For all the buzz on the latest tech and science, sign up for our WhatsApp services. Just go to Tech2.com/Whatsapp and hit the Subscribe button.