Bloomberg has recently been embroiled in controversy after they accused industry supplier Supermicro of supplying motherboards infected with compromised chips which could be used to steal data from servers from companies such as Apple and Amazon. Because the compromise would be at the hardware rather than software level it would be very difficult to detect.
Apple has, however, issued a very strong denial, which has been backed up by reports from the FBI, casting doubt on Bloomberg’s claims.
Now Bloomberg has responded with a new report, stating that a major US telecom company has similarly been infected by compromised hardware from Supermicro. Presumed to be either AT&T, Verizon, T-Mobile or Sprint, Bloomberg’s source is security expert, Yossi Appleboum, who provided them with detailed evidence and analysis which showed that the servers had infected ethernet controllers.
Bloomberg posits that Supermicro’s own supply chain and factories may be compromised, and that counterintelligence agencies may be involved, which would explain why the FBI is not aware of the issue. Bloomberg notes China is using tried and tested spying techniques developed by US intelligence agencies and leaked by CIA contractor Edward Snowden, but that China presents a larger threat due to their stranglehold on the electronics manufacturing market.
While Apple and Amazon have been the most prominent of those named, Bloomberg believes at least 30 companies have been compromised and that much work is currently going on checking hardware for issues.
Supermicro has once again denied any knowledge of such a compromise. Read all the detail at Bloomberg here.