A tiny microchip planted on servers’ motherboards by the Chinese army has created a secret backdoor into the hardware of some of the world’s biggest tech companies and US government agencies, according to an investigation by Bloomberg.
The chip is believed to have been planted early in the supply chain during the manufacturing of motherboards found in the servers eventually used by American companies including Apple and Amazon. Both companies have disputed the Bloomberg reports.
The business publication is reporting an ongoing top secret US investigation into Portland-based server company Elemental Technologies – which supplies servers for several US intelligence agencies as well as Apple and Amazon – has found its supplier had sourced secretly altered motherboards from China that allow stealth access to any network using the servers.
Amazon reportedly discovered the secret microchips, about the size of a grain of rice, when it hired a company to scrutinise Elemental Technology’s products as part of its due diligence before acquiring the company in 2015.
According to Bloomberg, Amazon reported the foreign microchips to US authorities “sending a shudder through the intelligence community” and sparking the secret investigation of Elemental Technologies and its suppliers.
The firm supplying the motherboards to Elemental Technologies is San Jose-based Super Micro Computer Inc. The company is commonly known as Supermicro and has hundreds of other customer leading to speculation the extend of the infiltration may be even greater.
“The chips had been inserted during the manufacturing process… by operatives from a unit of the People’s Liberation Army,” Bloomberg reports.
“In Supermicro, China’s spies appear to have found a perfect conduit for what US officials now describe as the most significant supply chain attack known to have been carried out against American companies.”
Currently US official believe almost 30 companies have been affected including Apple, a major bank and government contractors, according to the Bloomberg report.
Insiders at Apple told Bloomberg the company had discovered the secret microchips in 2015 and severed ties with Supermicro a year later for “unrelated reasons”.
Apple, Amazon and the server supplier Supermicro have challenged Bloomberg’s reporting.
“It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental,” Amazon wrote in en email statement.
“On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” Apple wrote.
A spokesperson for Supermicro contends, “We remain unaware of any such investigation.”
According to Bloomberg, the Chinese government did not directly address their questions about tampering with Supermicro servers. US intelligence agencies declined to comment.
Bloomberg maintains that as many as 17 insiders across Amazon Web Services, Apple and the official US investigation have confirmed the server manipulation.
One government official told Bloomberg China’s goal was long-term access to highly valued corporate intelligence and sensitive government networks.