No malicious chips were found in Super Micro's boards, audit reveals

by Gabriel E. Hall - - 2018-12-13

Super Micro's audit revealed that no motherboards were compromised by Chinese spies

Super Micro claims that China is not guilty of bugging hardware The worldwide organization named Super Micro announces that their motherboards were not bugged after all and China has nothing to do with it.

A few months ago Bloomberg Businessweek claimed that hardware producer Super Micro^[1] sold motherboards with Chinese spying chips embedded in them^[2]. However, the American company Super Micro recently has announced that the Chinese government was not responsible for bugging the hardware after all.

Numerous customers have stopped purchasing products from Super Micro, which resulted in 50% stock market value drop for the company. Since Bloomberg's report, it was believed manufacturing process in China was performed by adding an incredibly small chip to the gear. Some sources have claimed that the goal of such activity was to spy on such companies as Amazon and Apple – regular clients of Super Micro. Additionally, the attempt was made against a U.S. organization – Elemental.

Super Micro claims that all the products undergo excessive testing before reaching customers

There was an announcement that the bugs were firstly found on Super Micro's provided motherboards that were used to support Elemental's servers with power. However, the company has denied all speculations and claimed to have tested the motherboards closely and found no evidence of any bugs included:

As we shared with Bloomberg Businessweek multiple times over the last couple months, at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in Supermicro motherboards in any Elemental or Amazon systems.

Moreover, Super Micro stated that all of their products are tested throughout the manufacturing process, and various inspections (visual, automatic, electrical) are often performed to ensure that all products are produced with the best quality possible. Furthermore, the company reported that all motherboards include a safeguard which is additional protection.

The Super Micro organization and president Charles Liang assured that there were none malicious hardware or components ever found in their products and no clients have ever informed of any type of bug:^[3]

As we have stated repeatedly since these allegations were reported, no government agency has ever informed us that it has found malicious hardware on our products, no customer has ever informed us that it found malicious hardware on our products; and we have never seen any evidence of malicious hardware on our products.

While the spying chips were just a hoax, Chinese international espionage is here to stay

China was also blamed for being involved in the Marriott data breach. As already known, this personal information exposure touched around 500 millions of the Starwood hotel's guests, and all details appeared to be accessible since 2014.^[4] According to researchers, the hackers which were involved in the data breach might be related to China's Ministry of State Security.^[5]

10 Chinese nationals were accused by the United States Department of Justice for attempting to steal personal data of the customers in the U.S. and European companies. Also, there was speculation that the crooks may be guilty of launching attacks against US health insurances and stealing some important files.

However, the Ministry of Foreign Affairs representative claimed that such speculation is not reasonable as there are no specific details about the Marriott data breach location or purpose. Furthermore, the spokesman claimed that an investigation would be performed if evidence is urged:

If offered evidence, the relevant Chinese departments will carry out investigations according to the law.

A spokeswoman from Marriott company has claimed that the organization does not make any speculations in such notable cases as this one.^[6]

Following just hours after the breach was announced, Marriott was involved in a class-action lawsuit that demanded &12.5 billion in compensation. Unfortunately for those affected, it only comes to a $25 payout. However, customers whose passports numbers were compromised were promised for extra compensation.

About the author

Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions

References

^ Supermicro. Wikipedia. The free encyclopedia.
^ Lucia Danes. China produced microchips used to spy on major American companies. 2-spyware. News website.
^ Testing Finds No Malicious Hardware on Supermicro Motherboards. Supermicro. Worldwide company .
^ Jake Doevan. Marriott hack involves 500 million Starwood quests' data. 2-spyware. Daily news.
^ David E. Sanger, Nicole Perlroth, Glenn Thrush, Alan Rappeport. Marriott Data Breach Is Traced to Chinese Hackers as U.S. Readies Crackdown on Beijing. The New York Times.
^ Steven Musil. Chinese spies reportedly behind massive Marriott hack. Cnet. Popular daily information web page.