Chief execs of the two US tech giants that figure most prominently in the Bloomberg report that alleges Chinese spies have covertly planted chips that can “call home” on server motherboards headed for US data centers, have called on the news organization to retract the story.
In an uncharacteristic move, Apple CEO Tim Cook called for a retraction in an interview with BuzzFeed News Friday. Andy Jassy, CEO of Amazon Web Services, did so in a tweet Monday, saying he agreed with Cook:
The story, which Bloomberg Businessweek published early this month, cites multiple sources within companies and the US government. Bloomberg has stood by the story, as executives from all the companies mentioned and high-ranking US government officials have denied its veracity.
In the latest of several public denials of the report, Super Micro Computer, the hardware maker whose motherboards are in question, last week sent a letter to customers (filed with the Securities and Exchange Commission) saying no malicious chip had been implanted in its products.
“There is no truth in their story about Apple,” Cook told BuzzFeed. “They need to do the right thing and retract it.”
The reporters spent more than a year on the investigation and did more than 100 interviews, Bloomberg has maintained. Seventeen government and company insiders confirmed that the hardware had been manipulated, the news organization said.
“We turned the company upside down,” Cook said. “Email searches, data center records, financial records, shipment records. We really forensically whipped through the company to dig very deep and each time we came back to the same conclusion: This did not happen. There’s no truth to this.”
Asked if a scenario like the one Bloomberg described could occur without him knowing about it, Cook replied, “The likelihood of that is virtually zero.”
In a statement issued shortly after the original Bloomberg report came out, AWS chief information security officer Steve Schmidt said it was “untrue:”
As we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is untrue. At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government.
Since issuing the statement, Amazon had been quiet until Monday’s tweet by its CEO.
In its letter to customers, Supermicro attempted to make the case for its products’ security. One of the pillars its case rests on is “technical implausibility:”
Our motherboard designs are extremely complex. This complexity makes it practically impossible to insert a functional, unauthorized component onto a motherboard without it being caught by any one, or all, of the checks in our manufacturing and assembly process. The complex design of the underlying layers of the board also makes it highly unlikely that an unauthorized hardware component, or an altered board, would function properly.
Our motherboard technology involves multiple layers of circuitry. It would be virtually impossible for a third party, during the manufacturing process, to install and power a hardware device that could communicate effectively with our Baseboard Management Controller because such a third party would lack complete knowledge (known as “pin-to-pin knowledge”) of the design. These designs are trade secrets protected by Supermicro. The system is designed so that no single Supermicro employee, single team, or contractor has unrestricted access to the complete motherboard design (including hardware, software, and firmware).