A blockbuster report highlighted the existence of Chinese spy chips inserted into the supply chain of a leading US server provider.
Many companies are affected by the alleged sophisticated spying campaign, so they vigorously denied the report.
These companies included the server company itself, Supermicro, and customers Amazon and Apple — who were also backed by the UK’s GCHQ and the US Department of Homeland Security (DHS).
The report was apparently required by Yossi Appleboum, a former Israeli army tech specialist and now co-CEO of US-based Sepia Systems.
Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;
According to the report, he discovered unusual communications from a Supermicro server; which after a further inspection revealed that an implant is built into the Ethernet server’s connector. This implant appeared to be similar to other manipulations he’d seen by Chinese suppliers.
As soon as the accusations emerged Supermicro claimed to have no knowledge of any unauthorized components and complained it was not given enough time or info to respond to the new allegations.
This latest hardware manipulation is different from the microchips that have been placed on motherboards which have subsequently been sold unwittingly to 30 major tech companies.
However, in both cases, the microchips had the same purpose, of providing unauthorized access to the network the server is installed on. When investigated it was found to have been made at the factory as the motherboard was being produced by a Supermicro subcontractor in China.
Apple has denied the allegations in the strongest terms, taking the unprecedented step of writing to lawmakers on the House and Senate commerce committees to reiterate these sentiments.
However, this must stand as a strong reminder of the risks posed by modern global supply chains.
Companies must protect themselves by practicing defense-in-depth, especially across their supply chain.
We would continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.