The tech news was dominated in October by a dramatic Bloomberg claim that Chinese spy chips had been embedded into the Super Micro motherboards of servers supplied to Apple, Amazon and others. The report claimed that Apple had discovered the chips, and reported the fact to the FBI.
All involved – Apple, Amazon and Super Micro – denied the claims, but the motherboard supplier decided the only way to lay this to rest was to commission an independent audit to investigate. That investigation has now been completed, and the firm says it found absolutely no evidence to support the story …
Reuters reports that Super Micro today advised its customers of the results of the third-party audit.
Computer hardware maker Super Micro Computer Inc told customers on Tuesday that an outside investigations firm had found no evidence of any malicious hardware in its current or older-model motherboards.
In a letter to customers, the San Jose, California, company said it was not surprised by the result of the review it commissioned in October […] A person familiar with the analysis told Reuters it had been conducted by global firm Nardello & Co and that customers could ask for more detail on that company’s findings.
Nardello specifically tested samples of the motherboards supplied to Apple and Amazon, alongside current versions, and found no evidence of spy chips in any of them. The company also checked design files and software, to see if there was evidence of tampering with either, but found nothing there either.
There were immediate reasons to doubt the story when it first appeared. It appeared to be poorly sourced, with no detail on how the supposed chip worked. The technical arguments against the claim seemed strong. And there were three problems with the theory that Apple was lying about it.
Apple doesn’t just deny the specific claim, it says that nothing like it has ever happened […] Apple has specifically stated that it is not under a gag order […] Third, the value of keeping quiet about any Chinese spy chip was completely lost once Bloomberg posted its story. If it was true, the Chinese government would know that the gig was up, and there would be no value in Apple, Amazon or the US government maintaining their silence. Apple could simply issue a statement saying something like ‘yes, this happened; we detected it; we were asked to keep quiet about it; we took steps to ensure no genuine customer data was leaked.’
More reasons quickly emerged. The Department of Homeland Security, the NSA and the UK’s NSA equivalent GCHQ all backed the denials; Apple repeated its denial to Congress (an insane thing for a company to do if it were lying); a leading security researcher who had been specifically seeking out evidence for this type of attack was unable to find any; and one of Bloomerg’s own sources told them prior to publication that the story made no sense.
Super Micro is said to be reviewing its legal options.