Super Micro says external security audit found no evidence of backdoor chips
In a letter sent out today to its customers, hardware vendor Super Micro Computer said that a security audit performed by a third-party investigations firm found no evidence that Supermicro server motherboards contained any type of backdoor chip.
The company sent out this letter after earlier this year a Bloomberg report claimed that some Supermicro motherboards contained a malicious chip implant inserted on its Chinese assembly lines by Chinese spies. The US news outlet then claimed that some of these servers made it into the networks of government agencies and private companies, such as Apple and Amazon’s AWS.
Super Micro denied all allegations from the get-go, in a press release and in a subsequent customer letter, but also promised to carry out a thorough security audit.
“A representative sample of our motherboards was tested, including the specific type of motherboard depicted in the article and motherboards purchased by companies referenced in the article, as well as more recently manufactured motherboards,” Super Micro said today.
“Today, we want to share with you the results of this testing: After thorough examination and a range of functional tests, the investigations firm found absolutely no evidence of malicious hardware on our motherboards.”
In its letter, Super Micro also thanked Apple and Amazon, which published immediate rebuttals of the Bloomberg story, but also the Department of Homeland Security, the Director of National Intelligence, and the Director of the FBI, “who early on appropriately questioned the truth of the media reports,” Super Micro said.
The Bloomberg article became extremely controversial hours after it was published. Security experts tore the reporting to pieces, people pointed out that the article’s artwork was misleading, and a well-known group of hardware experts cast doubts about the validity of the technical details described in the piece. Even the only named source in the Bloomberg article questioned the reporting.
In the midst of all this, Apple’s CEO went as far as to ask Bloomberg to retract its story, and later pulled Apple’s advertising from the site, in protest.
Despite criticism from all sides, Bloomberg stood by its reporters, although the company did quietly hire another experienced journalist to go over the report with a fine comb at the end of last month.
Related cyber-security coverage:
READ MORE HERE