New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Apple Further Refutes Bloomberg Report Suggesting Chinese Spies Tampered With iCloud Servers

Thursday October 4, 2018 1:33 pm PDT by Juli Clover
Apple has gone to unusual lengths to thoroughly and definitively refute a Bloomberg Businessweek article that today suggested Chinese spies had planted microchips in the Chinese-made Supermicro server motherboards that Apple uses in its facilities.

Following the publishing of the article, Apple released a strongly worded statement calling Businessweek's report inaccurate with no evidence to support the claims, and this afternoon, Apple went further and published an entire rebuttal on its website.


Apple's press release includes the same statement that was initially provided to Bloomberg Businessweek, along with additional information that the company says it shared with Bloomberg Businessweek ahead of when the server article was released.

While Bloomberg Businessweek's report claims that Apple reported the alleged microchip incident to the FBI in 2015, Apple told the news site in no uncertain terms that no one from Apple ever reached out to the FBI, nor had Apple ever heard from the FBI about an investigation.

Apple also told Bloomberg Businessweek that despite "numerous discussions" across teams and organizations, no one at Apple had heard anything about the supposed microchip investigation.

Apple's updated statement clarifies that Apple is not under any kind of gag order or held to a confidentiality obligation, and it says clearly that the report is "completely untrue" and that no malicious chips have been found in Apple servers. The full additional statement is below:
The published Businessweek story also claims that Apple "reported the incident to the FBI but kept details about what it had detected tightly held, even internally." In November 2017, after we had first been presented with this allegation, we provided the following information to Bloomberg as part of a lengthy and detailed, on-the-record response. It first addresses their reporters' unsubstantiated claims about a supposed internal investigation:

Despite numerous discussions across multiple teams and organizations, no one at Apple has ever heard of this investigation. Businessweek has refused to provide us with any information to track down the supposed proceedings or findings. Nor have they demonstrated any understanding of the standard procedures which were supposedly circumvented.

No one from Apple ever reached out to the FBI about anything like this, and we have never heard from the FBI about an investigation of this kind -- much less tried to restrict it.

In an appearance this morning on Bloomberg Television, reporter Jordan Robertson made further claims about the supposed discovery of malicious chips, saying, "In Apple's case, our understanding is it was a random spot check of some problematic servers that led to this detection."

As we have previously informed Bloomberg, this is completely untrue. Apple has never found malicious chips in our servers.
Finally, in response to questions we have received from other news organizations since Businessweek published its story, we are not under any kind of gag order or other confidentiality obligations.
Apple's initial statement, available below, was shared this morning after Bloomberg Businessweek published its article claiming Apple discovered illicit microchips in its Supermicro server motherboards that were able to inject code or provide instruction to the CPU with the ultimate goal of providing the Chinese government with access to "high-value corporate secrets and sensitive government networks."

Bloomberg Businessweek claimed to have spoken to officials with knowledge of the investigation, which Apple says did not happen at all.
Over the course of the past year, Bloomberg has contacted us multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident at Apple. Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them. We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg's story relating to Apple.

On this we can be very clear: Apple has never found malicious chips, "hardware manipulations" or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.

In response to Bloomberg's latest version of the narrative, we present the following facts: Siri and Topsy never shared servers; Siri has never been deployed on servers sold to us by Super Micro; and Topsy data was limited to approximately 2,000 Super Micro servers, not 7,000. None of those servers have ever been found to hold malicious chips.

As a matter of practice, before servers are put into production at Apple they are inspected for security vulnerabilities and we update all firmware and software with the latest protections. We did not uncover any unusual vulnerabilities in the servers we purchased from Super Micro when we updated the firmware and software according to our standard procedures.

We are deeply disappointed that in their dealings with us, Bloomberg's reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously-reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple.

While there has been no claim that customer data was involved, we take these allegations seriously and we want users to know that we do everything possible to safeguard the personal information they entrust to us. We also want them to know that what Bloomberg is reporting about Apple is inaccurate.

Apple has always believed in being transparent about the ways we handle and protect data. If there were ever such an event as Bloomberg News has claimed, we would be forthcoming about it and we would work closely with law enforcement. Apple engineers conduct regular and rigorous security screenings to ensure that our systems are safe. We know that security is an endless race and that's why we constantly fortify our systems against increasingly sophisticated hackers and cybercriminals who want to steal our data.
Along with Apple, Bloomberg Businessweek claimed that other companies, such as Amazon, were also affected. Amazon has also issued a similarly worded denial. According to Amazon, the report is untrue and Amazon has never found any issues "relating to modified hardware or malicious chips in Supermicro motherboards" nor has Amazon participated in an investigation with the government.

Supermicro has also denied all reports and says it is not aware of any investigation regarding the topic.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Tags: China, The Big Hack
[ 136 comments ]


Top Rated Comments

(View all)

Avatar
iObama
12 months ago

Journalism is going downhill, fast.


Literally how can you say this when you have absolutely ZERO clue whether this story is true or not?

I think rather than journalism going downhill fast, media literacy has been going downhill for years.
Rating: 21 Votes
Avatar
kildraik
12 months ago
I don’t blame them for standing by their word. Bloomberg is huge, as is its audience, and this could result in major public opinion setbacks. Shame on Bloomberg.

They need shocking stories to keep afloat. If the editor did a poor job in their investigative journaling, regardless of authenticity and (lack of) proof, it goes to show you how powerful media snakes can be. The line between conspiracy theory and actual events are becoming blurred.
Rating: 18 Votes
Avatar
magicschoolbus
12 months ago
So.. Do people really think that Bloomberg would be dumb enough to publish an article taking on the two most powerful and valuable companies, along with the Chinese government without credible sources?

The great length by both companies to deny this shows it really got under their skin.. So either Bloomberg is poking a wound or it's really fake news. Somewhere in the middle though, is the truth.
Rating: 15 Votes
Avatar
iObama
12 months ago

Zero clue? Apple just said it's plain false. I certainly trust a formal Apple statement more than Bloomberg.



Resorting to an old school personal attack surely strenghtens your point.


You trust the most valuable company in America to tell the truth about something that could take that very title from them?

That’s insanely sad.
Rating: 14 Votes
Avatar
JPack
12 months ago

As a possible solution: Do you think it's possible for Apple to audit all their servers and remove this chip? Do you think it made it into any iMacs? Is there going to be a mass recall with Line ups at the apple stores with people getting their motherboards serviced? Will the servers work without the chip? So many questions...


At this point, it's more likely the NSA added the chip and then pointed fingers at China when discovered.

Snowden, PRISM, and all that.

After all, Apple has openly refused to help the FBI. What better way to teach Apple a lesson than to seed a fake story?
Rating: 13 Votes
Avatar
smaffei
12 months ago
Well, if Apple doesn't sue Bloomberg for libel, then there's your answer.
Rating: 13 Votes
Avatar
AgentAnonymous
12 months ago

Good on apple to throughly dispute this, won’t stop the haters posting here though.

Apple has strong financial incentive to not admit it even if it’s true. There is no situation where Apple and Amazon would publicly admit to being compromised by China even if a breach did happen.

As such, why is anyone taking Apple’s word at face value? There the least reliable ones to ask in this situation.
[doublepost=1538695261][/doublepost]

Zero clue? Apple just said it's plain false. I certainly trust a formal Apple statement more than Bloomberg.

Lmao, you just randomly believe everything a business tells you, just because? Are you serious? Even if true you do realize there is no situation where Apple would actually admit something like this right? It is helpful to employ critical thinking before commenting on these things.
Rating: 11 Votes
Avatar
drlunanerd
12 months ago
Well, someone is lying.

The Businessweek journalists who reported this could be in deep **** if they're found to be trying to short the stock of the two most valuable companies in the world. It's happened before.
Rating: 10 Votes
Avatar
ignatius345
12 months ago

Zero clue? Apple just said it's plain false. I certainly trust a formal Apple statement more than Bloomberg.


Oh, Apple made a "formal statement" did they? Well that certainly settles it!

Apple has billions of dollars in value invested in their image of keeping your data secure. Is it any surprise at all their PR machine would go into overdrive to refute evidence that their infrastructure (along with that of many other companies) might have been compromised by their Chinese supply chain?
Rating: 10 Votes
Avatar
jona2125
12 months ago

Bloomberg has nothing to lose with this piece, but lots of page views to gain.

It's a cloak and dagger article, with no named sources, redacted documents, nor even grainy images of the so-called chip.

Ars Technica has a similar artical last year theorizing Apple dumped Supermicro for malware found in firmware in their servers and Apple very diligently denied that too even though apparently there was cited reports that Supermicro had issues with Apple refusing to work with them on the issue and providing firmware version that apparently was incorrect and then stopped any discussions further. Does make me wonder why this is a constant thing brought up with decent detail laid out.
Rating: 9 Votes

[ Read All Comments ]