Tim Cook has responded to Bloomberg for a story that states that the servers of technology giants, including Apple's spy chips.
Apple, Amazon and Super Micro, Chinese motherboard maker Bloomberg said it introduced the chips, all denied the claims, which were "not much bigger than a grain of rice," would have given China unprecedented backdoor access to computers and data.
"There is no truth in his story about Apple," Cook told BuzzFeed News in a telephone interview. "They have to do the right thing and retire."
Scroll down to watch the video
Apple's president, Tim Cook, center, speaks with Qu Zhangcai, left, and Liu Zhipeng, right, founders of the Xichuangzhu software application, during a visit to Confucius Tempe in Beijing earlier this month. Tim Cook has responded to Bloomberg for a story that states that the servers of technology giants, including Apple's spy chips.
"We turned the company around," Cook said.
& # 39; Searches by email, data center records, financial records, shipping records.
"Really forensic we crossed the company to deepen and every time we returned to the same conclusion: this did not happen". There is no truth in this.
When asked if a scenario like the one Bloomberg described could happen without his knowing it, Cook responded: "The probability of it being virtually zero."
However, Bloomberg says he stayed true to the story, telling Buzzfeed: "Bloomberg Businessweek's research is the result of more than a year of reports, during which we conducted more than 100 interviews."
Seventeen individual sources, including government officials and corporate informants, confirmed the hardware manipulation and other elements of the attacks.
& # 39; We also publish the full statements of three companies, as well as a statement from the Ministry of Foreign Affairs of China. We support our history and trust our reports and sources. "
Apple strongly denied the report in a statement, saying in a statement posted on its website: "Over the course of last year, Bloomberg contacted us several times with claims, sometimes inaccurate and sometimes complex, of an alleged security incident in Manzana. .
How it worked
This is how the anonymous officials say that the chips operated. All his claims were refuted by Amazon, Apple and Supermicro.
The chip was designed by spies of the People's Liberation Army of China, according to US government officials. UU Quoted in the Bloomberg report.
Once completed, the spies approached the factory managers of the four subcontractors hired by Supermicro to manufacture servers.
They were intimidated into incorporating the chips into the motherboards by bribing them and threatening to shut down the factories, it is said, all the time posing as Supermicro designers or Chinese government officials.
Once the chips were loaded onto the motherboards, they were included in the servers and sent to Supermicro customers.
When the server was on, the chips were activated.
Above is an example of a Supermicro motherboard. Apple, Amazon and Super Micro, the Chinese motherboard firm that is believed to have introduced the chips, have denied the report.
They were discrete couplers and signal conditioning that are common in the motherboards, so they are not detected.
Once activated, they could essentially allow hackers to do what they wanted, according to the report.
Amazon never used its products in the USA. But he did use them in Beijing in his AWS data center, according to the report.
Apple, on the other hand, was using them sporadically & # 39; but it increased their confidence in them when it acquired a startup designed to accelerate Siri, the voice assistant function.
No data was stolen from consumers, officials say, but the threat posed by the chips was extraordinary.
& # 39; Each time, we have conducted rigorous internal investigations based on your research and each time we have not found any evidence to support any of them.
"We have repeatedly and consistently offered objective answers, in the record, rebutting virtually all aspects of Bloomberg's history related to Apple.
"In this we can be very clear: Apple has never found malicious chips, hardware manipulations, or vulnerabilities planted on purpose on any server." Apple never had contact with the FBI or any other agency about an incident of This type & # 39 ;, added the signature.
The data center hardware used by Apple, Amazon and dozens of other US companies. UU It may have been equipped with tiny microchips placed there by Chinese spies, according to an explosive report
Similarly, Amazon Web Services, which oversees the data center team that was believed to be the attack, denied the report's findings.
& # 39; As we share with Bloomberg BusinessWeek several times during the last two months, this is not true. At no time, past or present, have we encountered problems related to modified hardware or malicious chips on the SuperMicro motherboards in the Elemental or Amazon systems. We also have not participated in an investigation with the government, "said Steve Schmidt, director of information security for Amazon Web Services, in a statement posted on its website.
The firm also denied knowledge of any hardware modifications.
There are so many inaccuracies in this article regarding Amazon that are hard to tell.
& # 39; … Safety will always be our top priority. AWS has the confidence of many of the most risk-sensitive organizations in the world, precisely because we have demonstrated this unwavering commitment to putting their safety above everything else.
"We are constantly attentive to potential threats to our customers, and we take quick and decisive action to address them every time they identify," Schmidt added.
READ THE COMPLETE APPLE STATEMENT IN THE SPY CHIP REPORT
What Businessweek was wrong about Apple
The October 8, 2018 issue of Bloomberg Businessweek incorrectly reports that Apple found & # 39; malicious chips & # 39; on the servers of your network in 2015. As Apple has repeatedly explained to Bloomberg reporters and editors in the last 12 months, there is nothing true about these claims.
Apple provided Bloomberg Businessweek with the following statement before its story was published:
In the course of last year, Bloomberg contacted us several times with claims, sometimes inaccurate and sometimes complex, of a supposed security incident at Apple. Each time, we have conducted rigorous internal investigations based on your research and whenever we have not found any evidence to support any of them. On repeated occasions, we have offered objective answers, refuting, refuting virtually all aspects of Bloomberg's history related to Apple.
In this we can be very clear: Apple has never found malicious chips, & # 39; hardware manipulations & # 39; or vulnerabilities purposely planted on any server. Apple never had contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, or our contacts in the application of the law.
In response to the latest version of Bloomberg's narrative, we present the following facts: Siri and Topsy never shared servers; Siri has never been implemented on servers that Super Micro sold us; and Topsy's data was limited to approximately 2,000 Super Micro servers, not 7,000. None of those servers has been found to contain malicious chips.
As a practice, before the servers are put into production at Apple, they are inspected for security vulnerabilities and we update all the firmware and software with the latest protections. We did not discover any unusual vulnerabilities in the servers we purchased from Super Micro when we updated the firmware and software according to our standard procedures.
We are deeply disappointed that in their relationships with us, Bloomberg reporters have not been open to the possibility that they or their sources are wrong or misinformed. Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected controller on a single Super Micro server in one of our laboratories. It was determined that this single event was accidental and not an attack directed against Apple.
While there was no claim that customer data was involved, we take these allegations seriously and we want users to know that we do everything possible to safeguard the personal information they entrust to us. We also want you to know that what Bloomberg reports on Apple is inaccurate.
Apple has always believed in being transparent about the ways in which we handle and protect data. If an event of this kind ever occurs, as Bloomberg News has stated, we will contact him and work closely with the police. Apple engineers perform periodic and rigorous security assessments to ensure that our systems are secure. We know that security is an endless race and that is why we constantly strengthen our systems against increasingly sophisticated hackers and cybercriminals who want to steal our data.
Businessweek's published story also states that Apple "reported the incident to the FBI, but kept details about what it had narrowly detected, even internally." In November 2017, after this indictment was filed for the first time, we provided the following information to Bloomberg as part of a detailed and detailed response to the record. First, it addresses the baseless claims of its reporters about a supposed internal investigation:
Despite numerous discussions in various teams and organizations, no one at Apple has heard of this investigation. Businessweek has refused to provide us with any information to track the alleged procedures or conclusions. Nor have they demonstrated any understanding of the standard procedures that were supposedly mocked.
Nobody from Apple ever came to the FBI for something like this, and we have never heard the FBI about such an investigation, let alone trying to restrict it.
IIn an appearance this morning on Bloomberg Television, reporter Jordan Robertson made new claims about the alleged discovery of malicious chips and said: "In the case of Apple, we understand that it was a random check of some problematic servers that led to this detection."
As we previously informed Bloomberg, this is completely false. Apple has never found malicious chips on our servers.
Finally, in response to questions we have received from other news organizations since Businessweek published their story, we are not under any gag or other confidentiality obligations.
Chinese officials also denied the attack.
"We hope that the parties make less gratuitous accusations and suspicions, but make more constructive talks and collaboration so that we can work together in the construction of a peaceful, safe, open, cooperative and orderly cyberspace," said a spokesman for the Ministry of Foreign Affairs. from China.
According to Bloomberg, spy chips were designed for motherboards, the nerve centers of computer equipment, used in data centers operated by Apple, Amazon Web Services and others.
The chips were designed to be undetectable by standard machines and were covertly attached during the manufacturing process to the motherboards that were wrapped in servers deployed in the United States.
Bloomberg said a three-year secret investigation, which remains open, allowed spies to create a "hidden door". towards the computer, a hardware-based input that would be more effective and harder to detect than a software hack.
SuperMicro denied the existence of an ongoing investigation and said: "We are not aware of any investigation of this type," Supermicro spokesman Perry Hayes told Bloomberg.
Hayes added that customers, such as Apple and Amazon, or the US police. UU They have never notified about malicious chips on their motherboards.
The chips were designed to be undetectable by the machines and were covertly attached during the manufacturing process to the motherboards that were wrapped in servers deployed in the USA. UU
READ THE COMPLETE STATEMENT OF AMAZON DENYING THE SPY CHIP REPORT
Set the record in the erroneous Bloomberg BusinessWeek article
Today, Bloomberg BusinessWeek published a story in which it stated that AWS knew the modified hardware or malicious chips on the SuperMicro motherboards on the Elemental Media hardware at the time Amazon acquired Elemental in 2015, and that Amazon knew the hardware or Modified chips in the China AWS region.
As we share with Bloomberg BusinessWeek several times during the last two months, this is not true. At no time, past or present, have we encountered problems related to modified hardware or malicious chips on the SuperMicro motherboards in the Elemental or Amazon systems. We have not participated in an investigation with the government either.
There are so many inaccuracies in this article regarding Amazon that are hard to tell. We will name only some of them here. First, when Amazon was considering acquiring Elemental, we did a lot of due diligence with our own security team, and we also commissioned a single external security company to also do a security assessment for us. That report did not identify any problems with the modified chips or hardware. As is typical of most of these audits, it offered some recommended areas to remedy, and we solved all the critical problems before the acquisition was closed. This was the only external safety report commissioned. Bloomberg admits that he has never seen our commissioned security report or any other (and has refused to share with us any details of any other report).
The article also states that after knowing the hardware modifications and the malicious chips in the Elemental servers, we carried out an audit of the entire network of the SuperMicro motherboards and discovered the malicious chips in a Beijing data center. This statement is equally false. The first and most obvious reason is that we never find modified hardware or malicious chips in the Elemental servers. Apart from that, we never find modified hardware or malicious chips in the servers of any of our data centers. And this idea that we sold the hardware and data center in China to our partner Sinnet because we wanted to get rid of the SuperMicro servers is absurd. Sinnet had been running these data centers since we launched in China, from the beginning they were owners of these data centers, and the hardware that we "sold" them was an asset transfer agreement required by China's new regulations for the cloud no china Suppliers will continue to operate in China.
Amazon uses strict security standards throughout our supply chain: it researches all the hardware and software before starting production and conducts regular security audits internally and with our supply chain partners. We further strengthen our security stance by implementing our own hardware designs for critical components such as processors, servers, storage systems and network equipment.
Safety will always be our top priority. AWS has the confidence of many of the most risk-sensitive organizations in the world, precisely because we have demonstrated this unwavering commitment to putting their safety above everything else. We are constantly attentive to potential threats to our clients, and we take quick and decisive action to address them every time they identify.
– Steve Schmidt, Director of Information Security
Citing unnamed US officials, Bloomberg said a unit of the People's Liberation Army was involved in the operation that placed the chips in equipment made in China for Super Micro Computer Inc., based in the United States. UU
Super Micro, according to Bloomberg, also manufactured equipment for the data centers of the Department of Defense, the operations of unmanned aircraft of the CIA and the networks on board the warships of the Navy.
The report said Amazon discovered the problem when it acquired the software firm Elemental and began a security review of the equipment manufactured for Elemental by Supermicro, based in California.
Super Micro manufactures its equipment in San Jose, California, but subcontracts its manufacturing to contractors in China.
Many US technology companies UU Subcontract parts of your supply chain operations to facilities in China.
This has stoked fears that foreign intelligence agencies will infiltrate US companies through "supply chain attacks."