Last week, Apple, Amazon, and Supermicro all denied Bloomberg Businessweek's shocking allegations that Chinese operatives had infiltrated Supermicro's supply chain, added undocumented microchips to its servers, and gained access to data centers of more than 30 US companies.
Now, Apple has written a letter to members of the US Congress to reiterate its denial, calling the story false.
The truth always comes out
"In light of your important leadership roles in Congress, we want to assure you that a recent report in Bloomberg Businessweek alleging the compromise of our servers is not true. You should know that Bloomberg provided us with no evidence to substantiate their claims and our internal investigations concluded their claims were simply wrong," the letter signed by Apple's VP of information security, George Stathakopoulos, stated.
"We are eager to share the facts in this matter because, were this story true, it would rightly raise grave concerns. A compromise of this magnitude, and the effective deployment of malicious chips like the one described by Bloomberg, would represent a serious threat to the security of systems at Apple and elsewhere. That’s why, ever since we were first contacted by Bloomberg’s reporters in October 2017, we have worked diligently to get to the bottom of their allegations."
The company added that it "has never found malicious chips, 'hardware manipulations' or vulnerabilities purposely planted in any server," and that it was not involved in any FBI investigation regarding such chips.
"If any of the reported details cited above were true, we would have every interest—economic, regulatory, and ethical—to be forthcoming about it," Stathakopoulos said.
Earlier, the Department of Homeland Security put out a statement saying that it had “no reason to doubt the statements from the companies named in the story," echoing a similar comment from the UK's GCHQ.
Bloomberg, meanwhile, appears to be sticking by its reporting. In the original piece published just four days ago, the publication wrote: "The companies’ denials are countered by six current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government’s investigation. One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon; the official and one of the insiders also described Amazon’s cooperation with the government investigation. In addition to the three Apple insiders, four of the six US officials confirmed that Apple was a victim. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks."
One of the reporters, Michael Riley, later wrote on Twitter: "That's the unique thing about this attack. Although details have been very tightly held, there is physical evidence out there in the world. Now that details are out, it will be hard to keep more from emerging."
Whether the story is true or not, the ramifications for Supermicro have been profound - the company's share price halved when the news broke, although it has climbed a few points since.