In a letter sent out today to its customers, hardware vendor Super Micro Computer said that a security audit performed by a third-party investigations firm found no evidence that Supermicro server motherboards contained any type of backdoor chip.
The company sent out this letter after earlier this year a Bloomberg report claimed that some Supermicro motherboards contained a malicious chip implant inserted on its Chinese assembly lines by Chinese spies. The US news outlet then claimed that some of these servers made it into the networks of government agencies and private companies, such as Apple and Amazon's AWS.
"A representative sample of our motherboards was tested, including the specific type of motherboard depicted in the article and motherboards purchased by companies referenced in the article, as well as more recently manufactured motherboards," Super Micro said today.
"Today, we want to share with you the results of this testing: After thorough examination and a range of functional tests, the investigations firm found absolutely no evidence of malicious hardware on our motherboards."
In its letter, Super Micro also thanked Apple and Amazon, which published immediate rebuttals of the Bloomberg story, but also the Department of Homeland Security, the Director of National Intelligence, and the Director of the FBI, "who early on appropriately questioned the truth of the media reports," Super Micro said.
The Bloomberg article became extremely controversial hours after it was published. Security experts tore the reporting to pieces, people pointed out that the article's artwork was misleading, and a well-known group of hardware experts cast doubts about the validity of the technical details described in the piece. Even the only named source in the Bloomberg article questioned the reporting.
- UN finds cybersecurity is a struggle worldwide (CNET)
- Websites are attacked 58 times a day, even when patched properly (TechRepublic)
Despite criticism from all sides, Bloomberg stood by its reporters, although the company did quietly hire another experienced journalist to go over the report with a fine comb at the end of last month.
- ESET discovers 21 new Linux malware families
- Over 40,000 credentials for government portals found online
- New Linux crypto-miner steals your root password and disables your antivirus
- The CoAP protocol is the next big thing for DDoS attacks
- Half of the Tor Project's funding now comes from the private sector