Apple, U.S. Intelligence Refute Bloomberg Spying Claims. Who’s Right?


The big hack. A chip the size of a grain of sand on a fingertip is shown

Bloomberg Businessweek published a scathing report of a Chinese hardware-based hack that apparently affected the U.S. government, Apple, Amazon, and others. However, the report has been heavily disputed. Apple has called for a retraction, and the U.S. government has reported that no hack occurred. Still, Bloomberg spoke with 17 anonymous sources within Apple, Amazon, and the U.S. Intelligence community to form the report. Who’s right, and what’s at risk here?

The Report

How the hack worked, summarized: A Chinese microchip as small as a pencil is placed on the hardware at the factory, memory, networking components, and otherwise. The motherboards are then used by other companies. The chip enabled alterations to the operating system and hardware in the future to go undetected.

via Bloomberg Businessweek, Illustrated by Scott Gelber

“Two of Elemental’s biggest early clients were the Mormon church, which used the technology to beam sermons to congregations around the world, and the adult film industry, which did not.”

– Jordan Robertson and Michael Riley, Bloomberg Businessweek

Elemental creates powerful hardware for video processing. They’ve had a variety of contracts, from Amazon to the CIA and even the Mormon Church. Their video tech helps companies process video for different devices and network speeds. Amazon purchased the company and created Amazon Prime Instant Video out of it. When Amazon bought Elemental in 2015, they did a security review. It was during this review that an independent firm found a small chip embedded on the motherboards of the Elemental machines that wasn’t in the original designs. The chip was installed by a third party, without Elemental’s knowledge.

“Think of Supermicro as the Microsoft of the hardware world. Attacking Supermicro motherboards is like attacking Windows. It’s like attacking the whole world.”

– Anonymous U.S. intelligence source

This led to an investigation into Super Micro Computer Inc. (Supermicro), which created the motherboards Elemental uses. Supermicro creates hardware for many companies, and therefore may have increased the scope of this hack. Through a variety of methods, hackers had gotten a small chip installed on Supermicro motherboards, which were then used in large datacenters by a variety of companies and intelligence agencies. Overall, almost 30 companies were affected, including banks, government contractors, Amazon, and Apple. According to an insider, Apple severed ties with Supermicro after these chips were discovered on hardware they were buying for their data centers.

What’s a Hardware Hack?

Chip next to a penny. Its size is around the size of three of the letters in "Liberty" on the penny.

Is it a standard signal conditioning coupler, or a microchip? Photo: Victor Prado/Bloomberg Businessweek

Hardware hacks are rare, and usually require either extreme levels of targeting or a country’s resources at your disposal. We know that the United States uses hardware hacking techniques involving interception. They intercept shipments, install their hardware, and send them to the intended recipients. This is a hardware version of a “man-in-the-middle” attack. However, there’s another method. Infiltrate the facility creating the hardware, and place your spying devices in the hardware then. This is how this hack was carried out.

China is uniquely positioned for this kind of hardware attack. Because so many electronics manufacturers use Chinese companies to assemble their devices, the Chinese government can easily compromise the security of these companies. From there, they can install hardware and take control of machines after they’ve been shipped to customers. Companies that find out about the government’s work comply, as government overreach is a serious problem in China.

Hardware hacks are easy to track down when they originate from a factory. Agencies can track changes made to hardware to a specific point of origin, right down to the person who assembled it. Because of this, we know this particular hack is Chinese in origin, specifically the People’s Liberation Army, the armed forces of China.

How Did the Hack Work?

When companies design hardware, they work to not only make their machines fast and reliable, but also secure. Security isn’t just a software thing. Manufacturers make their hardware so their clients can easily separate out memory, storing some items in locations inaccessible to apps, and forbidding interaction with unencrypted data. However, a hardware hack will copy vital data to other places in memory. From these additional locations, a software-based hack can easily pull information from the machine.

Have you ever seen a spy movie where someone places a piece of tape over a door’s mechanism so it can’t lock later? That’s analogous to these hardware hacks. The security should work, but, thanks to this small chip, someone can come by later and perform an easy hack to retrieve secure information.

Is my Information Safe?

Your information is likely safe. Not even the Bloomberg report mentions consumer data theft. The Chinese government isn’t interested in the personal information of individuals. However, they did want to compromise U.S. Intelligence agencies like the CIA, FBI, and NSA. According to Bloomberg, they were successful.

Apple, Amazon, and U.S. Intelligence Responses

Apple’s Response

“Over the course of the past year, Bloomberg has contacted us multiple times with claims … of an alleged security incident at Apple. We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg’s story relating to Apple. On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server.”

– Part of Apple’s Press Release

“I personally talked to the Bloomberg reporters along with Bruce Sewell who was then our general counsel. We were very clear with them that this did not happen, and answered all their questions. Each time they brought this up to us, the story changed and each time we investigated we found nothing.”

“I feel they should retract their story. There is no truth in their story about Apple. They need to do the right thing and retract it.”

– Tim Cook, Apple CEO

Apple has never asked a news agency to retract a story. However, Tim Cook, speaking with BuzzFeed News, did just that. Apple has repeated multiple times that they have not found any evidence that they were using hacked hardware from Supermicro. They’ve done a thorough investigation every time Bloomberg came to them with a different version of the story, and, every time, found nothing.

Even anonymously, high-level Apple employees say they don’t know what Bloomberg is talking about. They don’t have any information confirming the reporting, neither the reporting around hacked hardware nor the claim that Apple has been working with the FBI, CIA, or NSA. Sources say that Apple is under no constraints, and can speak publicly. There’s just nothing to talk about.

Apple believes that Bloomberg’s reporting likely is confused about a 2016 case where Apple found a Supermicro machine that did have a security vulnerability. Apple found it, and discovered that its presence was accidental. It was not hardware, but an infected driver, and was resolved as part of Apple’s normal screening process. They found nothing remotely close to Bloomberg’s claims.

Amazon’s Response

“Today, Bloomberg BusinessWeek published a story claiming that AWS was aware of modified hardware or malicious chips in SuperMicro motherboards in Elemental Media’s hardware at the time Amazon acquired Elemental in 2015, and that Amazon was aware of modified hardware or chips in AWS’s China Region.

As we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is untrue.”

– Stephen Schmidt, Amazon

Amazon made one post about the incident on their blog and hasn’t spoken about it since. They claim that they never found modified hardware or malicious chips in their systems, and have not worked with the government either.

U.S. Intelligence Responses

“The Department of Homeland Security is aware of the media reports of a technology supply chain compromise. Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story.”

– Department of Homeland Security Response

“We are not taking anything for granted. We haven’t seen anything, but we’re always watching.”

– Dan Coats, U.S. director of national intelligence

U.S. intelligence agencies seem to be coming to the aid of Apple and Amazon. They’ve stated that they do not know of any hacks, and have no reason to distrust Apple, Amazon, and others. Simply put, they’re not denying that a hack may have taken place, or that they may be investigating it, only that the evidence they’ve found so far has not refuted Apple’s or Amazon’s claim.

That doesn’t mean that it didn’t happen, though. In fact, it’s carefully worded so as to keep anyone from making a definitive argument based on their statements.

Bloomberg’s Rebuttal

Bloomberg is standing behind their report, pointing out that it was formulated through speaking to 17 insiders and over 100 interviews. Individual sources within the government and these companies corroborated each other’s stories independently. Typically, this is a clear indicator that a story is true.

Companies have reason to deny reports like this. If consumers feel as though the company isn’t secure, they won’t be willing to buy their products or do business with them. A key selling point of Amazon’s AWS is its security. If the Chinese can compromise that security, Amazon loses their ability to market to businesses as well as the U.S. government, which has used AWS in the past. Companies could also face charges for failing to reveal security vulnerabilities in Europe. However, the fact that the U.S. intelligence community has backed Apple and Amazon’s claims shows that this could be more than marketing.

Who’s Right?

Who’s right? U.S. intelligence agencies could have decided that they need to calm public fears over hacking. It’s possible that they’re backing Apple and Amazon to quell consumers’ apprehension. However, this is unlikely, and conspiracy-level thinking. The story may have truth to it, but never affected Apple or Amazon because the companies sidestepped the hacked hardware in other ways. It’s possible that no one is lying, that there was an attempt to create a hardware hack for all Supermicro customers, but the reach was smaller than planned.

Right now, it’s Bloomberg’s reporting and anonymous sources vs businesses who have a reason to lie and an intelligence community that likes to keep its secrets. We may never get to the bottom of the issue unless someone admits fault. That’ll likely never happen. However, we do know that your data is likely safe—not even Bloomberg is claiming otherwise—so there’s little reason to be concerned… for now.

