A new report asserts that China may have been spying on technology companies in the United States using a tiny spy chip.
Chinese subcontractors reportedly added the spy chips onto Supermicro motherboards during assembly, and the chips were designed to collect trade secrets and intellectual property from U.S. companies, Bloomberg reported Thursday.
Supermicro provided motherboards to dozens of companies, including Apple and Amazon.
Incredible: More than a dozen U.S. government and company sources tell Bloomberg that Chinese military operatives got tiny little spy chips into motherboards used by major American companies including Amazon and Apple. https://t.co/RmGwMaERIS
— Emily Rauhala (@emilyrauhala) October 4, 2018
The spy chips were first discovered when Amazon hired a third-party company to conduct a security analysis of a start-up company, Elemental Technologies, who Amazon considered acquiring. Their technology aided Amazon in compressing massive video files for improved streaming and transfers.
“Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities,” the Bloomberg report said.
U.S. intelligence sources reportedly revealed that Chinese military operatives had developed a spy chip and intended to add it to Supermicro motherboards headed for the U.S.
Federal authorities began the investigation in 2015 and more than three years later, it remains open. They found that the chips established a “stealth doorway into any network that included the altered machines.” This was particularly problematic since Elemental machines connected to their servers, which were linked with data centers and networks of the Department of Defense, CIA, and the Navy.
Amazon rejected the claims of spy chips, telling Bloomberg, “It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental.”
— USA TODAY Tech (@usatodaytech) October 4, 2018
Apple removed Supermicro servers from their company in 2015, and officially severed ties with them in 2016. Three senior-level Apple employees told Bloomberg anonymously that the separation was over the discovery of malicious chips added to Supermicro motherboards. However, Apple has officially denied knowledge of such chips.
“On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” Apple told Bloomberg, adding, “We remain unaware of any such investigation.”
It isn’t the first time China has been suspected of using hardware in spying campaigns. Their wide production of U.S. technology affords them the opportunity to do so.
“One country in particular has an advantage executing this kind of [hardware] attack: China, which by some estimates makes 75 percent of the world’s mobile phones and 90 percent of its PCs,” Bloomberg noted.
The Pentagon banned the sale of products from Huawei and ZTE due to the spying capabilities found in the products by U.S. officials. The items were later banned from military bases over security risks posed from data tracking of sensitive locations.
A statement from China’s Ministry of Foreign Affairs asserted, “China is a resolute defender of cybersecurity.”