Chinese Spy Chips allegedly implanted in Apple iCloud Servers

Apple-Chinese-Hack-Server-Chips-iCloud-CPU

Bloomberg is alleging that around 30 companies tech, including Apple, manufactured in China had tiny spy chips embedded in them.

The report alleged hardware used by a number of organisations, including Apple, Amazon, and the military, had been altered during manufacture in China with a small chip onto each device.

Not to worry about your Mac, the article alleges the chips were added to  servers, including those potentially used in iCloud, providing Chinese hackers access to the networks.

In simplified terms, the implants on Supermicro hardware manipulated the core operating instructions that tell the server what to do as data move across a motherboard, two people familiar with the chips’ operation say. This happened at a crucial moment, as small bits of the operating system were being stored in the board’s temporary memory en route to the server’s central processor, the CPU. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. Deviously small changes could create disastrous effects.

Bloomberg Businessweek
Image Source: Bloomberg Businessweek

Apple (and the other tech firms) have strongly disputed the claims and launched an investigation which found no evidence support them. 

The October 8, 2018 issue of Bloomberg Businessweek incorrectly reports that Apple found “malicious chips” in servers on its network in 2015. As Apple has repeatedly explained to Bloomberg reporters and editors over the past 12 months, there is no truth to these claims.

Apple

The UK’s GCHQ, the UK security agency, joins the tech firms in refuting the claims and states it has no reason to doubt the detailed assessments of Apple & Amazon.

Multiple US officials also state they have seen no evidence to support the claims.

The Department of Homeland Security is aware of the media reports of a technology supply chain compromise. Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story. Information and communications technology supply chain security is core to DHS’s cybersecurity mission and we are committed to the security and integrity of the technology on which Americans and others around the world increasingly rely. Just this month – National Cybersecurity Awareness Month – we launched several government-industry initiatives to develop near- and long-term solutions to manage risk posed by the complex challenges of increasingly global supply chains. These initiatives will build on existing partnerships with a wide range of technology companies to strengthen our nation’s collective cybersecurity and risk management efforts.

Department of Homeland Security