Investigation Into Supermicro's Server Motherboards Finds No Malicious Spy Hardware

In October, a report by Bloomberg claimed that spies working for the Chinese government had inserted microchips on Supermicro server motherboards to spy on customers, which Bloomberg reported as affecting Apple and nearly 30 companies in total. Today, the outside investigations firm hired by Supermicro reported its findings, confirming that there is no evidence of any malicious hardware in current or old Supermicro server motherboards, including those used by Apple for iCloud (via Reuters).


Supermicro denied the allegations made in the Bloomberg report when it came out, and in today's letter to its customers said it was not surprised by the new findings. The investigation was performed by global firm Nardello & Co., which tested samples of motherboards in current production, as well as versions that were specifically sold to Apple and Amazon since both of those companies were mentioned directly by Bloomberg.

Nardello & Co. also examined software and design files, and didn't find any unauthorized components or signals being sent out from Supermicro. Customers interested will be able to ask for more details about the investigation, and Supermicro as of now is still reviewing its legal options following the investigation.

The day that "The Big Hack" article came out, Apple quickly released a statement, denying all claims made about the microchips spying on customers. "On this we can be very clear: Apple has never found malicious chips, "hardware manipulations" or vulnerabilities purposely planted in any server," Apple said in its statement.

Eventually both Apple CEO Tim Cook and Supermicro CEO Charles Liang called on Bloomberg to retract the story. Talking to BuzzFeed News, Cook said there is "no truth" to Bloomberg's claims about Apple. As of today, the story remains online.



Top Rated Comments

(View all)
Avatar
14 weeks ago
I think it’s time for Bloomberg to get some unnamed sources to agree to be named or take the story down. Literally nobody and nothing backs them up at this point.
Rating: 26 Votes
Avatar
14 weeks ago
I'm not lawyer, but I'd be surprised if Supermicro or its shareholders don't have a libel case against Bloomberg. From what I've read on this subject, it looks like Bloomberg was extremely careless in their reporting.

Shares in the company dropped nearly 50% the day the story was published. They've recovered somewhat since then (and we'll see what today brings), but the price is still well below it's level before Bloomberg's story.

Apple and others might also have a case, but based on stock price, Supermicro was the one most affected.
Rating: 18 Votes
Avatar
14 weeks ago

I think it’s time for Bloomberg to get some unnamed sources to agree to be named or take the story down. Literally nobody and nothing backs them up at this point.

Not just take it down but print a retraction as well.
Rating: 14 Votes
Avatar
14 weeks ago
But there’s no such thing as fake news. I don’t expect reporters to be 100% right...but this just smells like sensationalism on the part of the news outlet.
Rating: 9 Votes
Avatar
14 weeks ago
Bloomberg needs to be sued to set a precedent for dangerous fake news that can affect other companies financially.
Rating: 6 Votes
Avatar
14 weeks ago

I'm not lawyer, but I'd be surprised if Supermicro or its shareholders don't have a libel case against Bloomberg. From what I've ready on this subject, it looks like Bloomberg was extremely careless in their reporting.

Shares in the company dropped nearly 50% the day the story was published. They've recovered somewhat since then (and we'll see what today brings), but the price is still well below it's level before Bloomberg's story.

Apple and others might also have a case, but based on stock price, Supermicro was the one most affected.

I think you are 100% correct. Unless Bloomberg has some proof that they haven’t shared yet, they should pay a price for this disinformation that is destroying companies.
Rating: 6 Votes
Avatar
14 weeks ago

I'm not lawyer, but I'd be surprised if Supermicro or its shareholders don't have a libel case against Bloomberg. From what I've ready on this subject, it looks like Bloomberg was extremely careless in their reporting.

Shares in the company dropped nearly 50% the day the story was published. They've recovered somewhat since then (and we'll see what today brings), but the price is still well below it's level before Bloomberg's story.

Apple and others might also have a case, but based on stock price, Supermicro was the one most affected.

The piece missing from this article is just that - Supermicro is looking into legal action (at least from reporting on other blogs)
Rating: 5 Votes
Avatar
14 weeks ago
At this point Bloomberg seriously need to print a retraction and apologise! They clearly got this one wrong.
Rating: 4 Votes
Avatar
14 weeks ago
I'm not sure at this point what Bloomberg has to gain from digging their heels in on this one. It's almost indisputable that if their story was accurate, one of the millions of Supermicro servers out there in data centers or with customers would have been taken apart and the "spy chip" shown to the world. There would be a massive motive for any security researcher or firm to find one of these modified servers and ample supply/opportunity to do so, and yet absolutely nothing.
Rating: 3 Votes
Avatar
14 weeks ago
And Michael Bloomberg... Start by owning your company’s mistake. Admit your people were wrong, issue an apology, and push your people to do better.
Rating: 2 Votes
[ Read All Comments ]