The Bloomberg article about Supermicro Supply Chain Hardware Hack

Everyone is talking about Bloomberg Businessweek’s explosive report alleging that Chinese spies had implanted surveillance chips on the motherboards of computer servers.

The report does not pass the smell test. As President Trump would say: this is fake news.

Apple, Amazon, and the other involved parties delivered strong denials. If these companies saw any potential truth in the article, they would not have issued such strong denials. For one thing, if there were any truth in the article, each of these companies would have a high liability for misleading the public with its denials.

It seems somewhat strange that nobody has reported finding one of the spy chips on any motherboard in production. Wouldn't it have been simple for any business using servers containing components from Supermicro, the firm whose products were supposedly backdoored, to send an engineer to find the miniature spy chip in one of its datacenters? I know engineers who work on circuit boards, and these folks would easily be able to identify a maliciously installed component.

The Bloomberg article even showed a picture of the chip.  I am sure that that image was just to enhance the impact of the story.

While lack of proof isn’t enough to debunk the report, it will raise doubts.

Joe Fitzpatrick, a hardware hacking pro and one of the only named sources, stated that he finds the story implausible.

The writers have published incorrect cybersecurity reports before (nobody is perfect, but these previous missteps do raise an eyebrow). Even Rob Joyce, a leading National Security Agency official, stated that he has not discovered “any ties into the claims which are in this report.” He added: “I fear that we are chasing shadows at this time.”

The good thing about the article is that it has raised security consciousness related to supply chain management.  There is more visibility on this issue.  Likely this alone will make manufacturers take another look at vulnerabilities related to hardware security.
