Supermicro third-party motherboard audit finds no spy chips

Supermicro says the review of its motherboards has not turned up malicious chips as reported by Bloomberg in October.

The report claimed that some of the servers with compromised Supermicro motherboards ended up in Apple and Amazon datacenters. Both companies strongly denied ever having identified malicious chips on their servers.

Supermicro several times refuted claims that Chinese spies had compromised its manufacturing process to put implants in hardware bound for the US that gave Beijing secret access to US networks.

The company in October announced it would carry out a third-party review of its equipment to assure customers its hardware didn’t contain Chinese implants.

Charles Liang, CEO of Supermicro, said in a letter to customers today that the third-party investigations firm had tested a representative sample of its motherboards, including the types mentioned in the Bloomberg piece that were purchased by Amazon and Apple.

“After thorough examination and a range of functional tests, the investigation found absolutely no evidence of malicious hardware on our motherboards,” wrote Liang.

“These findings were no surprise to us. As we have stated repeatedly, our process is designed to protect the integrity and reliability of our products”.

Liang also thanked Apple and AWS for their support in responding to the initial Bloomberg report and a follow up story that claimed to present new evidence of compromised Supermicro hardware in a US telecoms company.

Apple CEO Tim Cook, Liang and AWS boss Andy Jassy called on Bloomberg to retract the story, which it has declined to do.

Liang also thanked the Department of Homeland Security, the Director of National Intelligence and FBI Director Christopher Wray who told lawmakers to “be careful what you read” when asked about Bloomberg’s allegations.

“Today’s announcement should lay to rest the unwarranted accusations made about Supermicro’s motherboards,” said Liang.

Copyright © 2018 IDG Communications, Inc.

The 10 most powerful cybersecurity companies