Bloomberg's iCloud spy chip attack allegations technically impossible
A report claiming Chinese spy chips were secretly implanted into Super Micro servers used by Apple and other tech firms has been dealt another blow: a deep dive into how secure servers work criticizes the report's lack of detail about the hack and insists the claimed technique would have been implausible to pull off.
Inside one of Apple's U.S. data centers
The original Bloomberg report alleging the existence of the spy chips has been refuted by many companies already, but while there have been declarations that it hasn't happened and doubts from both security experts and government agencies over its occurrence, there has been little explanation as to why the report is incorrect.
The deep dive by server-focused publication Serve The Home is a detailed and technical exploration of some of the report's claims, with the site noting numerous issues with Bloomberg's account. The description of how the hack worked is said to include "some fairly astounding plausibility and feasibility gaps," and is notably light on details and difficult to navigate.
The main issue with the report's claims is the description that the chips are "connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off." The chips are also claimed to be able to tell the connected device to connect to external computers, and to install code received from these servers into the device's operating system.
The claim of telling the device to communicate externally is noted as false due to basic industry security practices, namely that BMCs are typically networked separately from Internet-facing connections. The firms identified in the report, including Apple and Amazon, are also likely to have better security protections than the average small to medium enterprise, which would include hardened security for BMCs, making such attacks as described practically impossible.
The claimed access to sensitive code on crashed or turned-off machines is also dismissed, as "This is not how this technology works." When the BMC is powered on, data stores and the processor are not turned on, and are not able to be directly communicated with in this state. In short, if the server storage is not on, it is inaccessible, and no supposed code injection could be performed at all.
Another section the investigation objects to is the claim that the spy chips would manipulate instructions that tell the server what to do when data moves across the motherboard, tweaking code in temporary memory en route to the processor. This is seemingly not plausible as the supposed implanted hardware "does not have the pin count nor the processing power to perform this interception."
In summing up the lengthy examination, Serve The Home insists Bloomberg needs to "present credible and verifiable information to prove this story is true," as the presented hack simply would not work. If such evidence or information is not available, Bloomberg should retract the story and investigate how it passed editorial muster.
Graphic illustrating size of supposed Chinese spy chip allegedly embedded in Apple servers.
Source: Bloomberg Businessweek
On October 4, a Bloomberg report based on a multi-year investigation claimed that Apple, Amazon, and 30 other companies had been the victims of an espionage campaign in which rice-sized chips had been planted on motherboards made by Super Micro. Once delivered, the motherboards supposedly created a backdoor into infrastructure like Apple's iCloud.
Apple was quick to deny the allegations, insisting that it had conducted a "massive, granular, and siloed investigation."
Amazon also issued a very clear denial of the story.
"There are so many inaccuracies in this article as it relates to Amazon that they're hard to count," Amazon said in its statement, refuting several specific claims, and specifically citing that there was no modified hardware found.
Several subsequent accounts have cast further doubt, such as one from the senior advisor for Cybersecurity Strategy to the director of the U.S. National Security Agency. Additionally, the U.S. Department of Homeland Security commented that it had "no reason to doubt" the positions of Apple and Amazon.
On Friday, Tim Cook also spoke about Bloomberg's allegations. Apple's CEO denied the report, and took issue with how the story's reporters communicated with Apple.
"There is no truth in their story about Apple," Cook said on Friday. "They need to do the right thing and retract it."
"I was involved in our response to this story from the beginning," said Cook. "I personally talked to the Bloomberg reporters along with Bruce Sewell who was then our general counsel. We were very clear with them that this did not happen, and answered all their questions. Each time they brought this up to us, the story changed and each time we investigated we found nothing."
"We turned the company upside down. Email searches, datacenter records, financial records, shipment records," Cook added. "We really forensically whipped through the company to dig very deep and each time we came back to the same conclusion: This did not happen. There's no truth to this."
On Monday, Super Micro said that it would continue to investigate the allegations found in the report. At the same time, Super Micro CEO Charles Liang echoed Cook's call for a retraction.
"Bloomberg's recent story has created unwarranted confusion and concern for our customers, and has caused our customers, and us, harm," Liang said. "Bloomberg should act responsibly and retract its unsupported allegations that malicious hardware components were implanted on our motherboards during the manufacturing process."
Bloomberg hasn't backed down from its claims, and U.S. senators have asked Super Micro for answers.
Comments
"As for Apple, one of the three senior insiders says that in the summer of 2015, a few weeks after it identified the malicious chips, the company started removing all Supermicro servers from its data centers, a process Apple referred to internally as “going to zero.” Every Supermicro server, all 7,000 or so, was replaced in a matter of weeks, the senior insider says. (Apple denies that any servers were removed.) In 2016, Apple informed Supermicro that it was severing their relationship entirely—a decision a spokesman for Apple ascribed in response to Businessweek’s questions to an unrelated and relatively minor security incident."
The article does mention “on delivery” but surely someone at Apple and Amazon would have noticed someone soldering chips onto out of the box machines because this is NOT common practice in any way shape or form. In my 18 years in IT I have never seen anyone soldering something to a server that has just been opened out of the box. DIMMs and CPUs and GPUs and network cards etc but these clip in and do not require soldering and that’s even in the early 90s when IT was in its infancy.
Businessweek has lied to get sales and should be punished with all the weight of the law for its refusal to retract a blatant lie.
Denials from a company under SEC laws and regulations versus Bloomberg with no real accountability to speak of? Yeah, guess which I'm going with.
All that proof and reliable sources stuff, sheesh.
Facts??? What facts? Bloomberg presented ZERO evidence and only THEORIES... They could EASILY have gotten their hands on one of the “supposed” servers that have been compromised in their claimed fashion to show to the world their article is credible, but they have ZERO evidence, as you seem to think they do. Wake up and stop being a blind troll!
We now have security experts and scientists / engineers providing DETAILED technical rebuttals as to why the Bloomberg story is nonsensical, but you are just refusing to listen to them, and instead are persisting to have your head in the sand! Eventually you’ll croak under there with no oxygen!
And what good are the claims of “industry insiders” when they cannot provide even a tiny SHRED of evidence to back up their claims to provide some credibility? This can be done without exposing their identities and keeping them anonymous.
Can you ban this troll please??? His spam-polluting garbage is getting tiresome and hijacking legitimate threads here...
Then, there's the idea our food pyramid is built on... that grains are a big part of a good diet and fat is bad for you.
Science, like most other sources of knowledge, can be in error, and more importantly, corrupted by human nature.
Not untypical for the MSM these days... or worse, propaganda (i.e.: they are all fed the story to portray, and just put it out there verbatim).