Security Researcher Cited in Bloomberg’s Report on Apple Using Servers with Chinese Spy Chips Says Story Doesn’t Make Sense


Ever since Bloomberg published its explosive story of Apple and other tech giants using compromised servers with hidden spy chips from China, all companies named in the report have strongly refuted it with multiple statements. U.S. law enforcement agencies and other security researchers have also claimed that the report is baseless.

However, Bloomberg has continued to stick to its original report, claiming that 17 insiders it talked to confirmed the presence of spy chips in Apple’s servers.

One hardware security expert mentioned in the original report says that his comments have been taken out of context. Joe Fitzpatrick made these comments on the Risky Business podcast:

I spent a lot of time going back and forth explaining how hardware implants worked. And as any researcher is excited to talk about their work, I was delighted to have someone who seemed interested to actually learn about how things worked as opposed to only looking for the buzzword byline that you wanted to throw into a story […]
But what really struck me is that like all the details that were even remotely technical, seemed like they had been lifted from the conversations I had about theoretically how hardware implants work and how the devices I was making to show off at Black Hat two years ago worked […]
It was surprising to me that in a scenario where I would describe these things and then he would go and confirm these and 100% of what I described was confirmed by sources.

Even the story of the chip used in Bloomberg’s report is of something entirely different. When Bloomberg reporter Jordan Robertson told him the entire story he planned to run, Fitzpatrick told him it did not make sense at all.

So late August was the first time Jordan disclosed to me some of the attackers in the story. I heard the story and it didn’t make sense to me. And that’s what I said. I said, wow, I don’t have any more information for you, but this doesn’t make sense. I’m a hardware person. My business is teaching people how to secure hardware. Spreading hardware fear, uncertainty and doubt is entirely in my financial gain. But it doesn’t make sense because there are so many easier ways to do this. There are so many easier hardware ways, there are software, there are firmware approaches. The approach you are describing is not scalable. It’s not logical. It’s not how I would do it. Or how anyone I know would do it.

Overall, he says the report has many of the technical aspects confused and it “didn’t make sense,” though it’s not outright wrong. Ultimately, it looks like Bloomberg’s report is inaccurate and the reporters behind the story got their facts messed up. No wonder then that Apple has so strongly denied the report multiple times.

[Via Risky Business]