Apple CEO Tim Cook, in an interview with BuzzFeed News, went on the record for the first time to deny allegations that his company was the victim of a hardware-based attack carried out by the Chinese government. And, in an unprecedented move for the company, he called for a retraction of the story that made this claim.
I have zero reason to believe anything Apple or Tim Cook says on this matter. Apple is utterly and wholly dependent on the Chinese government, and assuming the Bloomberg story is 100% accurate, I doubt Tim Cook would openly side with Bloomberg and thus openly attack the Chinese government. Xi Jinping can literally make or break Apple – the American company cannot build its iPhones anywhere else, as not only would it take an utterly massive hit in its margins, it would take years – possibly even decades – to train the amount of staff needed to build that many iPhones. Apple simply has no choice but to bend over backwards for the Chinese government, which is why Apple readily hands over all of its Chinese customers’ data to the Chinese government.
That being said, this doesn’t automatically mean the Bloomberg story is 100% accurate. I don’t believe in crazy conspiracy theories – conspiracy theories are dumb – about coordinated leaks by the Trump administration to discourage American companies from building their products in China. The Trump administration is wholly and utterly inept at doing anything and is held together only by a common desire to oppress women and minorities and sack America before the curtain falls, so I doubt they could even arrange a single secret meeting with Bloomberg journalists without Trump incoherently tweeting about it or somebody resigning over it.
The truth probably lies somewhere in the middle, and only time will tell where, exactly, that middle lies.
Funny enough, I just attended a talk today by an agent that confirms Bloomberg is way more correct than Apple on this. in fact, it was predominantly Apple and another company that were mentioned throughout the conversation.
No offence, but, if you’ve got further information you should pony it up or what you’ve said just looks like a biased accusation.
JLG’s claim of “real journalism” (last sentence) seems a little naive. Authorities really do lie (regularly) when it comes to matters of supposed national security. Reporting on that stuff unfortunately becomes murky, almost by necessity.
I think the Bloomberg article is less about infected motherboards (this side of it could actually be very minor/failed/thwarted) than about an open US investigation into this. That’s very hard to verify. But everyone is right that the denials seem particularly strong in this case.
Still, I think it’s wise to be skeptical of both sides (Bloomberg as well as Apple/US/China) than to find oneself defending these corporations and government agencies…
Especially considering not only the difficulty of sneaking a chip onto a board, but how much better it would be to use software hacks (Especially for boards as reportedly buggy as what Supermicro churns out), claims that the Chinese government did this are rather extraordinary.
And, extraordinary claims require extraordinary evidence. Bloomberg has provided none.
And, it should be easy to produce an example of the chip, or, hell, even just a photograph!
Has anyone reached out to Supermicro? Strange how little we’ve heard from them, considering it’s their product at the center of all this.
Edited 2018-10-20 17:03 UTC
https://www.supermicro.com/newsroom/pressreleases/2018/press181004_B…
^aEURoeSupermicro has never been contacted by any government agencies either domestic or foreign regarding the alleged claims.
Supermicro takes all security claims very seriously and makes continuous investments in the security capabilities of their products. The manufacture of motherboards in China is not unique to Supermicro and is a standard industry practice. Nearly all systems providers use the same contract manufacturers. Supermicro qualifies and certifies every contract manufacturer and routinely inspects their facilities and processes closely.^aEUR
Why demand proofs when you can pander to prejudice
That’s what they want you to think.
If Bloomberg is correct then expect China to lash out using proxies large and small to attack back. A story retraction is not the goal. China will crush them in every imaginable way.
Edited 2018-10-20 19:41 UTC
Everyone has said this is bunk! Several US government agency^aEURTMs (Even though China is a target right now of the US government.) The UK, Australia and others have said its bunk etc.
It^aEURTMs not just Apple saying it^aEURTMs bunk. Not sure why anyone one would believe a non tech publication that is regularly wrong about Apple and Amazon stories and then trust them with a story like this.
Guess people who hate on Apple will believe anything negative in relation to them.
Edited 2018-10-21 03:35 UTC
On one side, we’ve got an article about a chip with the size and connectivity of a filtering capacitor having the capabilities and access of a northbridge controller being physically concealed on motherboards. It cites no named sources, and at least one person claiming to be among the unnamed sources has suggested the article may have spun his speculation about hypothetical methods directly into allegations of fact.
On the other side, we’ve got major U.S. tech companies describing, in detail, how they secure their supply chains and use heuristic monitoring to make sure they didn’t miss anything, and stating in no uncertain terms that the events described in the article, like discovering suspicious chips and contacting the FBI, did not occur. Additionally, we have the testimony of numerous infosec experts saying that such a hardware attack is less feasible and no more effective than software vectors.
It’s not unreasonable to point out that Tim Cook has an enormous vested interest in the article being false, but lucky for him, the facts suggest the article is false.
I’d even go so far as to say that the mere speculation of such an attack is good reason to move away from having all the machines that run the world built within the jurisdiction of a hostile totalitarian state, but, again, lucky for us, it appears to be only speculation.
Maybe it is all lies, I would not be surprised in the slightest.
But no, the alleged spychip is not a minuscule north bridge: it is (allegedly) connected to the I2C management bus that runs all around the motherboard. That requires only two lines for clock and data, and is a very slow speed bus, meant for ferrying around configuration values and turning things on and off before the system is in a fully operative condition. A very small 8b microcontroller with very little memory could be used to write a few values in wisely chosen places before, outside every OS protection mechanism.
So, technologically, it is feasible. Or _sounds_ feasible. Which is what makes the matter so scary. Is there truth behind, or are _they_ trying to scare us into _something_? Whatever the case, there is an extremely serious case of manipulation.
Apple would not have been forced, they would have offered to help
All the facts points to Bloomberg being wrong.
https://www.servethehome.com/investigating-implausible-bloomberg-sup…