Apple, Amazon deny report malicious chip from China entered its supply chain


Apple Inc. and Amazon¬†denied a Bloomberg report on Thursday that their systems contained malicious computer chips inserted by Chinese intelligence, according to the tech companies’ statements released separately by Bloomberg.

Bloomberg Businessweek cited 17 unnamed intelligence and company sources as saying that Chinese spies had placed computer chips inside equipment used by around 30 companies, as well as multiple U.S. government agencies, which would give Beijing secret access to internal networks.

Reuters was unable to reach Apple, Amazon or representatives with the Federal Bureau of Investigation, the Department of Homeland Security Agency and the National Security Agency for comment.

China’s Ministry of Foreign Affairs did not immediately respond to a written request for comment on Thursday. Beijing has previously denied allegations of orchestrating cyberattacks against Western companies.

Amazon, in a statement published by Bloomberg, said: “We’ve found no evidence to support claims of malicious chips or hardware modifications.”

Apple said it had refuted “virtually every aspect” of the story in on-record responses to Bloomberg. “Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” the company said.

Bloomberg reported that the malicious chips were planted by a unit of the Chinese People’s Liberation Army, which infiltrated the supply chain of a hardware company called Supermicro. The operation is thought to have been targeting valuable commercial secrets and government networks, the news agency said.

Separate warning from U.S. government

Supermicro, a leader in the supply of servers and motherboards, operates out of San Jose and was founded in 1993 by a Taiwanese-born engineer.

Apple, according to the report, ended its business relationship with Supermicro in 2016.

There have been increased concerns about foreign intelligence agencies infiltrating U.S. and other companies via so-called “supply chain attacks,” particularly from China where multiple global tech firms outsource their manufacturing.

The U.S. government on Wednesday warned that a hacking group widely known as cloudhopper, which Western cybersecurity firms have linked to the Chinese government, has launched attacks on technology service providers in a campaign to steal data from their clients.

The warning came after experts with two prominent U.S. cybersecurity companies warned this week that Chinese hacking activity has surged amid the escalating trade war between Washington and Beijing.


With files from CBC News


Leave a Reply