Report: Supermicro servers compromised by Chinese hardware backdoors


Unless you're reading this website by pure happenstance, it's pretty likely that you're familiar with the Supermicro name. You may have ordered some of the company's server hardware at some point, in fact. If you're even mildly concerned with data security, you may want to step on over to Bloomberg and read the site's latest feature article. The publication claims it has testimony from many sources, including "six current and former national security officials" plus insiders at Amazon and Apple, asserting that a massive US government investigation is ongoing regarding hardware backdoors installed in some Supermicro server motherboards used by as many as 30 U.S. companies.

The purported problem is that some Supermicro machines have rogue miniature onboard components that mimic signal conditioning couplers. Despite their diminutiveness and appearance, these components appear to be malicious micro-controllers that can manipulate data going to or from system memory. Bloomberg claims the chips were installed at the time of manufacturing. Given their positioning and capabilities, these chips could steal data or give attackers access to completely indefensible backdoors into affected systems. The chips were supposedly installed by agents of China's People's Liberation Army and apparently located during a security audit of servers sold by Elemental.

It's important to note that according to Bloomberg, all three companies mentioned in the article (Supermicro, Apple, and Amazon) have flatly denied these remarks. China's Ministry of Foreign Affairs reportedly said the story is nonsense, too. Even still, a lot of the details seem to line up, and Supermicro's stock is down by almost 50% today. If there's even a shard of truth to the tale, then the implications are fairly terrifying. You might take a moment this evening to hit the news agency's site and read the article in full. Let us know what you think of the allegations in the comments .

Tip: You can use the A/Z keys to walk threads.
View options