Apple and Amazon Call BS on Chinese Spy Microchip Report

By Alex Cranz on at

Hours after Bloomberg Businessweek claimed Apple and Amazon were two among many victims of an extreme Chinese espionage operation, the two companies have fired back with lengthy statements repeatedly denying Bloomberg’s report and calling the reporting itself into question.

Bloomberg’s report is terrifying and suggests that Apple and Amazon, the United States’ wealthiest two corporations, were subjects of an ongoing espionage operation perpetrated by China’s People’s Liberation Army. The report reads, at times, as something straight out of a spy-fi movie, with China using microchips the size of a grain of rice soldered onto common servers produced by server manufacturer Super Micro to create backdoors into major corporations and government agencies.

Such backdoors could allow the PLA access to anything that appears on those servers. Apple and Amazon were two of the most notable reported victims, with, according to Bloomberg, Apple’s Siri and Topsy servers affected and Amazon’s AWS servers affected.

In Apple’s press release, the company insists that its servers were never compromised, and as proof it claims:

“Siri and Topsy never shared servers; Siri has never been deployed on servers sold to us by Super Micro; and Topsy data was limited to approximately 2,000 Super Micro servers, not 7,000. None of those servers have ever been found to hold malicious chips.”

In Amazon’s response, the company’s chief information security officer Steve Schmidt states: “There are so many inaccuracies in ‎this article as it relates to Amazon that they’re hard to count.” The post goes on to specifically say that Bloomberg’s claim of Amazon selling potentially infected servers to its Chinese partner Sinnet is “absurd.”

Out of the two press releases, the most noteworthy comment came from Apple, which says that its objections to the story are not due to confidentiality agreements or gag orders. Such agreements and orders are typical for companies that are involved in investigations by the US government into matters of national security.

Bloomberg responded to our request for comment by directing us to this statement issued earlier today.

Bloomberg Businessweek’s investigation is the result of more than a year of reporting, during which we conducted more than 100 interviews. Seventeen individual sources, including government officials and insiders at the companies, confirmed the manipulation of hardware and other elements of the attacks. We also published three companies’ full statements, as well as a statement from China’s Ministry of Foreign Affairs. We stand by our story and are confident in our reporting and sources.