Major US telecom was infiltrated by backdoored Supermicro hardware, Bloomberg says

Doris Richards
October 11, 2018

Supermicro also challenged the details of the report, which claimed up to 30 companies that purchased its products were affected, including government contractors.

The hacked hardware found on the telecom company's server is further evidence of "tampering in China of critical technology components bound for the USA", according to Bloomberg.

In its most recent story, Bloomberg claims to have seen "documents, analysis and other evidence" of Chinese interference: in this case "manipulated hardware" stemming from Super Micro that was discovered in the network of a large U.S. telecoms company and pulled out in August.

He said that unusual communications from a Supermicro server and a subsequent physical inspection revealed an implant built into the server's Ethernet connector, a component that's used to attach network cables to the computer.

Now Bloomberg has responded with a new report, stating that a major U.S. telecom company has similarly been infected by compromised hardware from Supermicro.

"The module looks really innocent, high quality and "original" but it was added as part of a supply chain attack", said Appleboum. "That's the problem with the Chinese supply chain", he said.

Supermicro, based in San Jose, California, gave this statement: "The security of our customers and the integrity of our products are core to our business and our company values".


Appleboum said he has contacts in the US intelligence community who pinpointed the origin of the compromised computer components as Guangzhou, the port city often hailed as the "Silicon Valley" of China. "We are dismayed that Bloomberg would give us only limited information, no documentation, and half a day to respond to these new allegations". AT&T flatly denied it was the telecom company in question, while Verizon, T-Mobile, and Sprint declined to comment on the story.

While it would be foolish to entirely dismiss the Bloomberg article altogether, right now it certainly seems like the publication needs to come forward and reveal some more details to make its case.

Now, one of the few named sources in the original story - Joe FitzPatrick, a hardware security expert, who is only quoted in relation to a hypothetical scenario where a piece of "hardware opens whatever door it wants" - says he highly doubts the report is accurate.

Bloomberg Businessweek raised eyebrows earlier this month with a report claiming to have uncovered evidence that a nation-state attacker had implanted tiny components in server hardware manufactured in China on behalf of Super Micro Computer (known as Supermicro).

Tapping into a private server via the hardware would be a complicated process that also requires a degree of luck, said Li Aijun, chipset head at Intellifusion, a Shenzhen-based provider of artificial intelligence technology created to help police catch traffic violators. But they're reminders that we have a long way to go until this troubling reporting should be taken as fact. It is also possible that Apple and Amazon have walled-off security arms that do not communicate with the larger corporate body and it is them that discovered the spy chip and worked with intelligence agencies.

On Monday, Apple execs sent a letter to the House and Senate commerce committees urging lawmakers to pressure Supermicro to brief them about the alleged breach. "You should know that Bloomberg provided us with no evidence to substantiate their claims and our internal investigations concluded their claims were simply wrong".

Other reports by Iphone Fresh

Discuss This Article

FOLLOW OUR NEWSPAPER