Cyberwarfare / Nation-State Attacks , Endpoint Security , Fraud Management & Cybercrime

Where Is the Secret Spying Chip Reported by Bloomberg?

Chorus of Criticism Against China Spying Contention Reaches New High
Where Is the Secret Spying Chip Reported by Bloomberg?
An expert says the dubious chip would have to be smaller than any labelled chip on this Supermicro MicroBlade. Photo: ServeTheHome

Where is the secret spying chip devised by China that the news service Bloomberg reported had worked its way into at least U.S. 30 companies, including Amazon and Apple?

See Also: Gartner Insights: Uncover, Investigate, and Respond to Endpoint Threats with EPPs

So far, it appears no one has found it. Bloomberg reported on Oct. 4 that agents with China's People's Liberation Army had infiltrated the supply chain of Supermicro, installing a chip capable of stealing data on servers used for compressing video (see Report: Chinese Spy Chip Backdoored US Defense, Tech Firms).

Bloomberg's story struck fear across the technology industry as a sign of the kind of advanced hacking that experts have warned may be possible within hardware supply chains.

But from the beginning, it drew a mixed and cautious reception, particularly around technical details that experts found inaccurate or implausible. In the three weeks since, the chorus of criticism has grown louder.

Bloomberg stands by the story amid calls for it to provide further proof or retract it.

The stakes are enormous: If top companies have been subjected to secret surveillance by China for years, it could cast doubt on the safety and security of enormous tranches of data, including personal data and intellectual property.

Apple and Amazon: Retract Story

Strong criticism has come straight from the top of Apple and Amazon, which both say they've found no evidence of the chip.

Apple CEO Tim Cook says Bloomberg should retract the story, and Amazon's CISO, Steve Schmidt, has contested the news service's findings.

Matt Blaze, an associate professor in the computer and information science department at the University of Pennsylvania, wrote on Twitter Monday that "it makes no sense" for Amazon and Apple to lie.

"In fact, 'Someone tried but our super duper security mechanisms caught it' would actually have been a better story for them than 'Huh? What?'" Blaze writes.

On Monday, Amazon Web Services CEO Andy Jassy suggested on Twitter that two Bloomberg reporters were manipulated by their sources or took liberties with the information passed to them.

Jassy's suggestion aligns with other - albeit unverified - ideas that the U.S. intelligence community may have wittingly or unwittingly guided Bloomberg to an inaccurate conclusion, which perhaps was amplified by technical misunderstandings of chip hardware.

"I am 100 percent confident the Bloomberg story is specious, and the only question is which of many possible monsters from the Natsec universe got us here," security researcher Dan Kaminsky writes on Twitter.

Shortly after Bloomberg published its story, the U.K.'s National Cyber Security Center and the U.S. Department of Homeland Security said there was no reason to doubt Amazon and Apple's denials (see Super Micro Trojan: US and UK Back Apple and Amazon Denials).

The news organization says it spent a year reporting the story, with 17 anonymous sources, including insiders from Apple and Amazon, backing its contention. It has filed further stories that it says bolsters its findings, including a story on Oct. 9 contending that a major U.S. telecommunications company had found manipulated Supermicro hardware.

Supermicro to SEC: No Tampering Evidence

For its part, Supermicro says it has still found no evidence of malicious hardware chips. In a letter dated Oct. 18 to its customers, the company says it is undertaking "a complicated and time-consuming review" of its hardware. Supermicro filed the letter with the U.S. Securities and Exchange Commission.

Supermicro has filed a letter with the SEC that it sent to shareholders saying it hasn't found malicious hardware.

"As we have said firmly, no one has shown us a motherboard containing any unauthorized hardware chip, we are not aware of any such unauthorized chip and no government agency has alerted us to the existence of any unauthorized chip," Supermicro's notice says.

Any company found to have given false information to a regulatory agency could face sanctions that could negatively affect its share price.

Bloomberg's report alleged that the chip was planted in Supermicro motherboards manufactured in Asia. The motherboards ended up in hardware made for Elemental Technologies, which specializes in video compression software. Amazon acquired Elemental in 2015.

Bloomberg's story contends Apple and Amazon independently discovered the spying chip, while U.S. government intelligence agencies had also uncovered China's plans for a specific supply-chain attack targeting Super Micro as far back as 2014.

An Impossibly Tiny Chip?

The alleged chip is tiny. Bloomberg described it as slightly bigger than a grain of rice.

The story as presented in Bloomberg's Businessweek displayed a photo of a tiny chip on the end of a fingertip. The photo prompted discussion as to whether what was pictured was actually the spying chip. It turns out it wasn't the chip but rather a photo illustration intended to convey size for perspective.

Bloomberg's photo illustration is intended to only convey the size of the spying chip. (Source: Bloomberg Businessweek)

An engrossing report published on Monday by Patrick Kennedy of the server-storage-networking analysis site ServeTheHome tackles many of the technical issues that security experts contend don't quite add up, including the chip's size.

To make a chip and with the functionality that Bloomberg describes "would require amazingly small lithography techniques," Kennedy writes. Perhaps 10 or fewer companies would have been able to do this around 2014, he writes.

The caption for a graphic published in Bloomberg's story says that chips "were built to look like signal conditioning couplers, and they incorporated memory, networking capability and sufficient processing power for an attack."

Bloomberg contends the chip was made in China, but Kennedy writes that "China, at the time, did not have the level of process technology required to make a chip like this. While it seems likely that very small chips exist, during the time period in question, there are likely only a few foundries that could put the functionality listed above in such a small package. Even if one could design a chip that fit into such a small package, getting it made is another challenge."

About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.