1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Super Micro audit is complete showing no signs of spy chips on its motherboards

By Greg S · 10 replies
Dec 11, 2018
Post New Reply
  1. In early October, Bloomberg published a piece claiming that China was using spy chips implanted onto motherboards produced by Super Micro to steal information from Apple, Amazon, and others. Super Micro has concluded its investigations into the matter and has sent notice to its customers that no evidence of malicious hardware has been found.

    From the start, Super Micro has denied all claims of attacks on its supply chain. Investigative firm Nardello & Co was responsible for examining motherboards that are currently in production. Models that have been sold to Apple and Amazon were also thoroughly analyzed.

    Audits on design files and software were also performed to ensure that all components being shipped were indeed legitimate. Both Apple and Amazon as well as government officials from the United States and United Kingdom have all denied any knowledge that the hardware implants described by Bloomberg exist. Tim Cook even went as far as directly calling for a retraction by Bloomberg.

    Now that an investigation has been completed, Super Micro is still going over some of its legal options. No information has been shared to indicate whether the company plans to take action against Bloomberg for impacting reputation and costs of the investigation. Apple and Amazon have not made any new comments regarding the lack of evidence found.

    Despite the fact that no evidence of tampering was found, the entire ordeal has at least raised awareness of the possibility of supply chain attacks. When a large number of products are produced by contract manufacturers without close supervision, it would not be difficult for a small number of units to be shipped with without going through any form of quality control checks or validations to confirm a design exactly matches its intended specifications.

    Permalink to story.

     
    Last edited by a moderator: Dec 11, 2018
  2. Uncle Al

    Uncle Al TS Evangelist Posts: 4,880   +3,315

    Not to be rather flippant about it, but it would make far more sense to plant spyware in software where it could easily be updated. Hardware might have restrictions as well as being physically detected more easily.
     
    TempleOrion, Reehahs and xxLCxx like this.
  3. xxLCxx

    xxLCxx TS Addict Posts: 173   +113

    Indeed. To the few 'informed' people the report didn't make much sense. Super Micro controls the firmware, which can do literately anything (including hiding malicious code). Yet, Bloomberg gave us the “rice corn” placed into nowhere (a chip needs connections to function). Of course, they were unable to bring forth said “rice corn”.
    I hope Super Micro can sue Bloomberg into oblivion, but I doubt it will work. The story has all the fingerprints of dirty propaganda on it, which means that they will fall softly.
    The story broke shortly after the US (broke too) successfully extorted $1 billion from ZTE. Now we are seeing the crazy* allegations against the imprisoned CFO from Huawei. I doubt this is unrelated. I see a dirty campaign.

    ---
    * What the US did was illegal. Iran did everything they demanded.
     
  4. mbrowne5061

    mbrowne5061 TS Evangelist Posts: 1,124   +602

    What the US did was perfectly legal. The sanctions in question were not any of the ones that lifted or re-instated, and so Iran's behavior one way or another here is irrelevant beyond purchasing goods that were in violation of those sanctions. This is why Canada complied with extradition arrest.
     
    Kibaruk and Eldritch like this.
  5. xxLCxx

    xxLCxx TS Addict Posts: 173   +113

    There is no unilateral right of withdrawal from such a contract. That's the whole point. The USA simply BROKE the treaty, which was illegal.
     
    TempleOrion and Charles Olson like this.
  6. cdxpwj

    cdxpwj TS Rookie

    I think this outcome is expected. IF such spy chip or hardware were implemented. The amount of resource and planning put into the project should be to a point that #1 They couldn't be found through a simple audit. #2 The spy chip/hardware is only installed on particular batch OR during particular period (which is now long past) #3 "Clean Job" has already done and what ever trace of such hardware installation is all gone. Which ever the case is, I'm sure it would have been done to a point that there is no possibility of finding anything at this point.
     
  7. mbrowne5061

    mbrowne5061 TS Evangelist Posts: 1,124   +602

    You missed the point, and got it at the same time. There is no unilateral withdrawal, that part is correct to some degree. A country could go "nope, we are no longer going to enforce these sanctions", at which point they themselves usually become sanctioned by all the other remaining nations in the agreement. In that sense, there is no such thing as unilateral withdrawal because any action by one nation triggers actions by others.

    In this particular case however, the sanctions the CFO is accused of violating were never lifted, so there is no debate over whether they were valid. These are pieces of the original Iran sanctions that were left in place, pieces that covered "dual-use" products, and were agreed to by the US, Canada, and China (and other nations that are irrelevant here). These are not the sanctions that were lifted by Obama. These are not the sanctions that were re-instated or put in place by Trump.

    Honestly, the CFO screwed up by ever setting foot outside of China during this whole trade ware. They pretty much guaranteed their arrest and extradition to the US the second they stepped on an international flight.
     
  8. fktech

    fktech TS Maniac Posts: 463   +124

    And who did the audit?
     
  9. xxLCxx

    xxLCxx TS Addict Posts: 173   +113

    There are 195 countries in the world. ;-)
    I've added Australia, Canada, New Zealand, the United Kingdom and the United States to the list of my personal no-go areas.
     
    TempleOrion likes this.
  10. xxLCxx

    xxLCxx TS Addict Posts: 173   +113

    That's in the article. Here, I'm "reading it out aloud" for you:
    "... Investigations by a third-party firm have not found any reason to believe that motherboard designs have been tampered with.
    ... Investigative firm Nardello & Co was responsible for examining motherboards that are currently in production. Models that have been sold to Apple and Amazon were also thoroughly analyzed."
     
    TempleOrion likes this.
  11. fktech

    fktech TS Maniac Posts: 463   +124

    LOL!
     

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...