Thursday, December 13, 2018

Investigator finds no evidence of spy chips on Super Micro motherboards

An investigation by an outside firm that specializes in all manner of corporate investigations has found no evidence that motherboards sold by Super Micro Computer but made in China had secret chips implanted in them for spying or backdoor access.

Like every other OEM, Super Micro, based in San Jose, California, sources many of its components from China. There have been issues raised in the past about Chinese-owned hardware companies. IBM faced some initial resistance when it sold its x86 server business to Lenovo, especially since many government agencies — including the Defense Department — used IBM hardware.

But Super Micro was rocked last October when Bloomberg BusinessWeek ran a lengthy feature article alleging that tiny chips were being secretly stashed on Super Micro motherboards for the purpose of providing backdoors for hackers to illegally access the servers.

The article knocked back Super Micro, which vehemently denied the claims. Amazon and Apple both immediately came to Super Micro’s defense. Bloomberg has stood by the story, saying it spent a year working on the story and conducted more than 100 interviews, including with Apple and Amazon executives and U.S. government officials.

Since then, Super Micro has been doing its best to prove the claims wrong and repair its image. This week it posted a letter from CEO Charles Liang, along with SVP and Chief Compliance Officer David Weigand and SVP and Chief Product Officer Raju Penumatcha, who stated, “Because the security and integrity of our products is our highest priority, we undertook a thorough investigation with the assistance of a leading, third-party investigations firm.”

Strangely, Liang did not say who that third party was, but it has been determined to be Nardello & Co., which specializes in all kinds of corporate investigations, such as corruption and criminal behaviors. A spokesperson for Nardello told me that she “can confirm Super Micro’s statement that the investigation found no evidence of malicious hardware on the company’s motherboards.” And that is all she would say.

Liang said a sample of the company’s motherboards were tested, including the specific type of motherboard mentioned in the article and motherboards purchased by companies referenced in the article, as well as more recently manufactured motherboards.

“Today, we want to share with you the results of this testing: After thorough examination and a range of functional tests, the investigations firm found absolutely no evidence of malicious hardware on our motherboards,” he wrote.

Does this put the issue to rest? It doesn’t seem to have hurt Super Micro terribly. IDC just released its third quarter server numbers, and Super Micro unit sales rose 23.9 percent year over year, better than Dell at 10.5 percent and a lot better than HPE, which lost 9 percent. So, Super Micro seems to be weathering the storm.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Let's block ads! (Why?)


Thanks to Andy Patrizio (see source)

No comments:

Post a Comment