Apple to Congress: No Chinese spy chips in our servers

(Credit: Apple)

Apple tells Congress that it's found no evidence company servers were ever infiltrated by a Chinese spy chip.

The letter, sent to the Senate and House Commerce Committees, seeks to rebut last week's Bloomberg report, which claimed China had secretly planted tiny spy chips in server motherboards used by close to 30 US companies, including Apple and Amazon.

"In the end, our internal investigations directly contradict every consequential assertion made in the [Bloomberg] article," writes George Stathakopoulos, Apple's VP for information security.

According to Stathakopoulos, Apple has been investigating claims of a Chinese spy chip since October 2017, when Bloomberg reporters first contacted the company about the secret back door into the its servers.

More From PCmag

"Apple's proprietary security tools are continuously scanning for precisely this kind of outbound traffic, as it indicates the existence of malware or other malicious activity. Nothing was ever found," Stathakopoulos says.

The letter doubles down on the company's earlier attempt to refute Bloomberg's reporting, which contends that Chinese spies have been planting the secret spy chip since at least 2015. Bloomberg's story cites 17 anonymous sources, and claims the US is investigating the supply chain attack as part of a top-secret probe.

However, Apple, Amazon and the manufacturer of the server hardware, Super Micro, all vehemently reject the accusations in Bloomberg's report. "You should know that Bloomberg provided us with no evidence to substiantiate their claims and our internal investigations concluded their claims were simply wrong," Stathakopoulos writes.

So far, government agencies appear to be siding with the tech companies in questioning the accuracy of Bloomberg's reporting. On Saturday, the US Department of Homeland Security said it had "no reason to doubt" the statements from Apple, Amazon, and Super Micro. The day prior, the UK's National Cyber Security Centre issued a similar statement.

Bloomberg did not immediately respond to a request for comment. But last Friday, the publication was telling journalists it stood by its reporting. "Bloomberg Businessweek's investigation is the result of more than a year of reporting, during which we conducted more than 100 interviews," the news agency told BuzzFeed. "Seventeen individual sources, including government officials and insiders at the companies, confirmed the manipulation of hardware and other elements of the attacks."

Nevertheless, the security community has yet to uncover public evidence of the supply chain attack.

This article originally appeared on PCMag.com.