National Cyber Security Centre backs Apple and Amazon after Chinese hacking claims
Bloomberg yesterday reported that servers bought by 30 global firms, including Apple and Amazon, were carrying tiny chips planted by the Chinese government
The UK's National Cyber Security Centre (NCSC) has backed Apple and Amazon after the pair were included in a report by Bloomberg, which claimed dozens of firms had bought servers tampered with by the Chinese government.
The report claimed that a Chinese intelligence division had been inserting tiny microchips into the motherboards of servers manufactured by Super Micro, which had then been purchased by around 30 global firms including Apple and Amazon.
Bloomberg also claimed that the two tech giants, along with the US government, had discovered the hack in 2015 - an allegation which all three parties deny, as does Super Micro. The Chinese government also denies any involvement.
The British government has now thrown its weight behind Amazon and Google. The NCSC, part of GCHQ, said in a statement reported by Reuters: "We are aware of the media reports but at this stage have no reason to doubt the detailed assessments made by AWS and Apple.
"The NCSC engages confidentially with security researchers and urges anybody with credible intelligence about these reports to contact us."
Shares in Chinese tech firms have taken a battering since the report was published, despite denials from every organisation referenced by Bloomberg.
Super Micro's share price tanked by over 55 per cent yesterday, while Lenovo (which was not mentioned in the report) saw its share price tumble by over 20 per cent.
In an unusual move, Apple attacked Bloomberg's claims head-on a statement, criticism the news agency for its "inaccurate reporting".
"Over the course of the past year, Bloomberg has contacted us multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident at Apple," the vendor said.
"Each time, we have conducted rigorous internal investigations based on their enquiries and each time we have found absolutely no evidence to support any of them. We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg's story relating to Apple.
"On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations' or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident."
Bloomberg reported that the chips are only slightly larger than a grain of rice, and were inserted into the servers during the manufacturing process, which it said was undertaken by a sub-contractor on behalf of Super Micro.
The agency claimed that both Apple and Amazon discovered the breach in 2015, with Apple ending its relationship with Super Micro in the following year for what it say were "unrelated reasons".