Refuting Bloomberg’s explosive story of Apple and other tech giants using compromised servers with Chinese spy chips, Kaspersky Lab says that while hardware supply chain attacks like the one described in the report are possible, the report itself is false.
In its analysis, Kaspersky Labs says although false, the Bloomberg report led to the stocks of Supermicro dwindling by over 40 percent. It will also possibly have a negative effect on its server business as many potential and existing clients might look elsewhere due to security concerns.
For businesses owning Supermicro hardware, this can be translated into a lot of frustration, wasted time, and resources. Considering the strong denials from Apple and Amazon, the history of inaccurate articles published by Bloomberg, including but not limited to the usage of Heartbleed by U.S. intelligence prior to the public disclosure, as well as other facts from these stories, we believe they should be taken with a grain of salt.
Ever since Bloomberg Newsweek published the story of Apple, Amazon, and others using compromised Supermicro servers, the report and the publication itself has been the subject of a lot of criticism. Apple refuted the report twice with some pretty strong statements of its own, while Department of Homeland Security and other high-profile security agencies also issued statements claiming the report was incorrect. In fact, one of the security researcher quoted in the report later claimed in a podcast that his statements were taken completely out of context.
Apple stopped sourcing servers from Supermicro after some other security issue with the latter’s servers. However, Supermicro continues to provide servers to Amazon for its AWS cloud services and plenty of other tech giants.
Given the kind of hack mentioned in the report and given how much importance Apple gives to security and privacy, it does look like there’s little truth to Bloomberg’s report especially since it has been strongly refuted by almost every major tech giant and security agencies.