澎湃News reporter Liu Hui
On the 7th local time, Apple senior security officials sent a letter to the US Congress, saying they did not find any evidence that Chinese hackers attacked the company through chips.
According to a Reuters report on October 7, George Stathakopoulos, Apple's vice president of information security, wrote in a letter to the US Senate and the House Business Council that the company did not investigate after repeated investigations. The evidence found support for Bloomberg Businessweek's previous report that the server from the supplier Supermicro was implanted into the server and transmitted information to China.
Stark Pross also revealed to Reuters that "Apple's proprietary security tools will continuously scan for this outbound traffic because it indicates malware or other malicious activity. But (security tools) have never found a similar situation. ”
On October 4th, Bloomberg Businessweek published a cover story "Big Hackers: How China Uses Microchips to Infiltrate US Companies." The report claimed that companies including Apple, Amazon and other government security departments have been "invasive" from Chinese chips.
The report claims that the AMD's data center server board, manufactured by a Chinese subcontractor, is embedded with a microchip that looks like a signal conditioning coupler, enabling the Chinese government to obtain highly sensitive data on the server.
In response to this report, Apple, Amazon, and the US Supermicro have all responded that the report is incorrect.
Apple said that in the past year, Bloomberg has repeatedly contacted it, claiming to have discovered security incidents involving the company, sometimes with vague words and sometimes more detailed descriptions. Every time, Apple conducts a rigorous internal investigation based on their inquiry, but each time no evidence is found to support their claims. According to the records, Apple has repeatedly provided a factual response, almost refusing Bloomberg's various aspects of Apple's report.
Amazon and Supermicro have also strongly denied that the report is true. Amazon said: "We have not found any evidence that the malicious chip or hardware has been modified. & rdquo; AMD said, “Although we will cooperate with any government investigation …… and no government agencies have contacted us. We are not aware of any customers who have abandoned AMD as a supplier because of such problems. ”
The National Cyber Security Center (NCSC) and the US Department of Homeland Security (DHS) voiced on October 5th and 6th, respectively, saying there was no reason to suspect that Apple and Amazon denied the discovery of spy chips.
On the 7th, Stark Pross re-emphasized Apple's previous statement to the media that Apple had never found any malicious chips that were intentionally implanted in the server, "hardware manipulation" or vulnerabilities. Apple has never had any contact with the Federal Bureau of Investigation (FBI) or any other agency for such incidents. We don't know that the FBI has conducted any related investigations, and the FBI has not been in contact with us in this regard. Stark Pross said he can introduce this issue to members of Congress this week.