Apple and Amazon on Thursday strongly denied an explosive report that Chinese hackers implanted spying microchips in the companies’ servers, compromising the security of sensitive technology.
Continue Reading Below
Bloomberg Businessweek said early Thursday an extensive investigation had disclosed that agents of the People’s Liberation Army managed to insert the chips in servers used by numerous data centers of nearly 30 U.S. companies – including Apple and Amazon -- as well as U.S. government contractors.
Citing 17 unnamed intelligence and corporate sources, the outlet said the hacking is "the most significant known supply chain attack ever against U.S. companies,” but that no consumer data was compromised.
The malicious microchips were traced to subcontracting factories that manufactured motherboards for Super Micro, based in San Jose, California. Chinese operatives bribed or bluffed officials in those subcontracting factories to change motherboard designs so the Chinese chips could be implanted in the motherboards.
Apple and Amazon found surveillance chips from China in their server hardware, which was provided by Super Micro, the news outlet said. Upon the discovery, Amazon reportedly alerted U.S. authorities, which sent "a shudder through the intelligence community," Bloomberg wrote.
The goal of the hack was not to gain consumer data, but rather to have "long-term access to high-value corporate secrets and sensitive government networks." Bloomberg noted that the investigation is still ongoing, three years after the initial discovery.
A source familiar with the CIA's inner workings told FOX Business that they doubted China was able to get a chip to "infiltrate" U.S. intelligence agencies.
The source also said they are "sure that the Chinese did in fact do this to certain manufacturers ...Whether or not the specific servers purchased by that agency had that chip in the motherboard -- that’s up in the air."
Apple, which removed Super Micro servers in 2015 and cut ties with Super Micro the following year, said that despite several "rigorous" internal investigations it found no evidence for Bloomberg's claims.
"On this we can be very clear: Apple has never found malicious chips, hard manipulations or vulnerabilities purposely planted in any server,” the company said. “Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor our contacts in law enforcement," the company said.
Amazon also denied the Bloomberg Businessweek report.
"As we shared with Bloomberg BusinessWeek multiple times over the last couple months, at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Additionally, we have not engaged in an investigation with the government," a spokesperson for Amazon Web Services told FOX Business.
Super Micro did not immediately respond to FOX Business' request for a comment.