In early October, Bloomberg published a piece claiming that China was using spy chips implanted onto motherboards produced by Super Micro to steal information from Apple, Amazon, and others. Super Micro has concluded its investigations into the matter and has sent notice to its customers that no evidence of malicious hardware has been found.
From the start, Super Micro has denied all claims of attacks on its supply chain. Investigative firm Nardello & Co was responsible for examining motherboards that are currently in production. Models that have been sold to Apple and Amazon were also thoroughly analyzed.
Audits on design files and software were also performed to ensure that all components being shipped were indeed legitimate. Both Apple and Amazon as well as government officials from the United States and United Kingdom have all denied any knowledge that the hardware implants described by Bloomberg exist. Tim Cook even went as far as directly calling for a retraction by Bloomberg.
Now that an investigation has been completed, Super Micro is still going over some of its legal options. No information has been shared to indicate whether the company plans to take action against Bloomberg for impacting reputation and costs of the investigation. Apple and Amazon have not made any new comments regarding the lack of evidence found.
Despite the fact that no evidence of tampering was found, the entire ordeal has at least raised awareness of the possibility of supply chain attacks. When a large number of products are produced by contract manufacturers without close supervision, it would not be difficult for a small number of units to be shipped with without going through any form of quality control checks or validations to confirm a design exactly matches its intended specifications.