Amazon, Supermicro and Apple call BS on Chinese spying sting – someone is lying
Amazon, Supermicro and Apple have released statements denying they have ever found any malicious microchips on their hardware calling into questions the validity of Chinese espionage claims.
Yesterday Bloomberg pulled back the curtain on an apparent three year-old US government into one of the most intrusive and intricate espionage campaigns, fuelled by the Chinese government. Should the claims be proven true, it would certainly add weight to the political paranoia which has been whipping the anti-China rhetoric into a frenzy, though the major players have denied all knowledge of the malicious microchips and the resulting investigation.
“As we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is untrue,” said Steve Schmidt, Chief Information Security Officer at Amazon. “At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government.”
“Supermicro has never found any malicious chips, nor been informed by any customer that such chips have been found,” Supermicro said in a statement. “The manufacture of motherboards in China is not unique to Supermicro and is a standard industry practice. Nearly all systems providers use the same contract manufacturers.”
“Over the course of the past year, Bloomberg has contacted us multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident at Apple,” an Apple statement reads. “Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them. We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg’s story relating to Apple.”
While the entire saga is now a bit hazy, one thing is clear, someone is lying and misleading the general public.
Would China compromise ‘Workshop of the World’ position?
It is not difficult to believe the Chinese government would conduct such campaigns. It is generally accepted the Chinese government monitors the activities and communications of its own citizens, therefore it is not a huge stretch of the imagination to believe it would do so for foreign countries. But, would the Chinese government put its valuable position as the ‘Workshop of the World’?
With roughly 75% of smartphones and 90% of PCs manufactured in the country, any accusations of espionage would certainly force companies to reassess their supply chain. What company would buy hardware if they knew the potential for data breaches? It would be commercial suicide. China surely knows this, but it depends on what it places more importance on; securing intelligence from foreign governments and multinational corporations, or maintaining stability for a very lucrative industry for the country.
This is not to say they wouldn’t, but it would have to accept it would be sacrificing an important and profitable role in the global supply chain, one which it has worked hard to dominate.
Amazon, Supermicro and Apple clearly have a lot to lose
Another denial here is nothing which should come as a surprise. Should there have been a confirmation, the trio would haemorrhage customers.
Amazon AWS’ government business is a big earner, but how many would trust the services if there was a threat of espionage. The same could be said of corporate clients who are incredibly protective of trade secrets. Supermicro manufactures motherboards for more than 900 customers around the world, clearly this would be incredibly damaging to its reputation. For Apple, and Amazon as well, the PR damage for the consumer business could be a disaster. Consumers would be very wary, which combined with the high-prices Apple tends to charge, could possibly turn the public to other brands.
Each company has a lot to lose by admitting it has been compromised. There was of course going to be a denial, especially considering this investigation has not been confirmed by the government. If it does turn out to be true, the trio can simply state they were under non-disclosure agreements and a denial was necessary for national security, even if it was a lie.
A convenient revelation for the US government
Just as President Trump is going on the offensive against the Chinese government with tariffs and company bans, the story emerges. To say it is convenient timing is somewhat of an understatement.
Just last month, Trump upped the ante on the Chinese trade war by introducing tariffs on another $200 billion of imports. This adds to the initial $50 billion which was announced earlier in the year. With the price of imports increasing, and the option of domestic manufacture more expensive, the price of certain consumer goods will soon begin to rise. Trump will soon need to justify to US citizens why it is important to swallow these price increases, and an espionage scandal would certainly fit the bill.
Another interesting aspect is on the 5G side of things. With Huawei banned from any meaningful deployment or contracts, the risk is reduced competition which could potential lead to increased prices and slower deployment. Ghost stories about the naughty Chinese will only get the government so far, Trump will soon need a concrete reason for banning Huawei and ZTE from the fray. The malicious microchips provide justification here as well.
Not everyone can be right
Right now the validity of the claims is hazy. There are of course strong arguments for all, some suggesting they are telling the truth and some as evidence of lies, but right now, who knows.
With the intelligence community and the White House remaining quiet, rumours will continue to swirl. Until this confirmation or denial for the investigation is unveiled, the conspiracy theorists will be typing away. Of course, a confirmation or denial will not stop the conspiracy theorists, but it will at least provide some clarity for the rest of us.
Well, someone is lying, and Apple, AWS, and Supermicro would have credibility problems if they admitted having not discovered the problem. That said, a hardware “hack” in the manufacturing process of the mainboards would be difficult, but not out of the question. The necessary elements are a willing manufacturer who agrees to cooperate by being bribed or threatened, and a state actor who has the technical capability to insert a modification into the product. Thanks to Edward Snowden, we know the NSA was able to intercept the shipment of Cisco products to customers and make them less secure. This allowed NSA to collect data once from them when they were deployed. This is different than gaining access to the manufacturing process but the purpose is the same. Apple, AWS, and Supermicro all have reasons to lie about this. AWS has a big cloud computing contract with the US government. Apple is a consumer electronics company that has practically all their stuff manufactured in China. Supermicro wasn’t paying attention to what was happening at their mainboard manufacturer in China. The political angle is Supermicro was founded by a Taiwanese-American and we know how the Chinese government feels about Taiwan’s independence from China. Will we ever know conclusively? Time will tell.
With Apple its not just the government it needs to worry about, the enterprise business on the whole has been pushed over the last couple of years. How many companies will allow Apple devices as work phones if it emerges the iCloud is compromised.
In general, everyone has a reason to lie, everyone has a reason to tell the truth. Such is life. The truth will emerge eventually though I suspect it will be some time before we get to the genuine actual truth, not the ‘truths’ which are being hurled around at the moment.
This kind of thing is not unheard of. The US Government has form in this area, as Snowden’s NSA revelations regarding sneaking chips into Cisco products showed. It would not be unlikely that other countries (China) would attempt to do something similar. It would also not be unheard of for the companies affected to attempt to dismiss the claims in order to protect their sales. Cisco exports took a blow from the Snowden revelations several years ago.
The Chinese government has form in spying on its own people, so it certainly isn’t out of the question it would look further afield. However, the question is whether it is willing to sacrifice its valuable position in the global supply chain as the ‘workshop of the world’. It isn’t unimaginable, but everyone has a reason to lie at the moment.
Hey Ken, good to hear from you. It’s easy to believe everyone is up to this sort of thing in the tech cold war that seems to be underway.