Unnamed US telecom company implicated in alleged malicious chip hack

Unnamed US telecom company implicated in alleged malicious chip hack

Digging a little deeper, Bloomberg reached out to all major USA telecom companies, and got upfront denials from all but T-Mobile, inferring that this may be the company in question.

Joyce noted that all of the companies named in the Bloomberg Businessweek report have issued strong denials, including Apple, Amazon, and Supermicro. In response to the earlier Bloomberg Businessweek investigation, China's Ministry of Foreign Affairs didn't directly address questions about the manipulation of Supermicro servers but said supply chain security is "an issue of common concern, and China is also a victim".

Based on his inspection of the device, Appleboum determined that the telecom company's server was modified at the factory where it was manufactured. Appleboum provided documents, analysis and other evidence of the manipulated hardware, according to Bloomberg, which didn't publish the documents with the article.

The Bloomberg story doesn't identify the telecommunications company "due to Appleboum's nondisclosure agreement with the client". We've asked Charter for comment and will let you know if it responds.

While targeted companies have been quick to refute the hack, USA officials are not discarding it outright and did not comment on the goings-on.

While the hardware manipulation reported Tuesday is different from the one described last week, Bloomberg said they shared key characteristics, namely that they were both created to "give attackers invisible access to data on a computer network in which the server is installed".

Last week, Bloomberg Businessweek wrote a bombshell report alleging that US federal investigators had found sabotaged hardware built in China and sold widely throughout American supply chains - Apple, Amazon, and even the Central Intelligence Agency had been using tampered chips in their data center motherboards, it was claimed.

More news: Trump on 831 Stock Market Drop: Fed Has Gone Crazy
More news: Google Home Hub vs. Amazon Echo Show: Smart Display Showdown
More news: Nickelback Knows Exactly How to Handle Your Very Mean Tweets

The new article also comes in the wake of a second, even stronger denial of the key elements of the story by Apple - sent to IS Congress committees - as well as statements from the intelligence wings of both the United Kingdom and USA governments that push the idea that Bloomberg may have made a serious reporting mistake.

A major USA telecommunications company discovered manipulated hardware from Supermicro in its network and removed it in August, fresh evidence of tampering in China of critical technology components bound for the U.S., according to a security expert working for the telecom company.

Bloomberg claimed that its report is getting results, as security teams around the world are now "analyzing their servers and other hardware for modifications, a stark change from normal practices". AT&T, Sprint, T-Mobile and Verizon (our parent company) have all denied being affected, with AT&T and Sprint explicitly stating that they don't use Super Micro hardware.

"The security of our customers and the integrity of our products are core to our business and our company values", Supermicro said in a statement. "We take care to secure the integrity of our products throughout the manufacturing process and follow rigorous industry quality and security standards".

Yossi told Bloomberg he's seen similar manipulations in other vendors' hardware made by contractors in China.

"We still have no knowledge of any unauthorized components and have not been informed by any customer that such components have been found", Supermicro said. He also told Bloomberg there are countless points in the supply chain in China where hacked hardware can be introduced.

First published October 9, 9:11 a.m. PT. Update, 1:24 p.m. PT: Adds comment from Supermicro.

Related Articles