Slashdot Mirror


Super Micro Says Review Found No Malicious Chips in Motherboards (reuters.com)

Computer hardware maker Super Micro Computer told customers on Tuesday that an outside investigations firm had found no evidence of any malicious hardware in its current or older-model motherboards. From a report: In a letter to customers, the San Jose, California, company said it was not surprised by the result of the review it commissioned in October after a Bloomberg article reported that spies for the Chinese government had tainted Super Micro equipment to eavesdrop on its clients.

12 of 95 comments

  1. Re:Well, if the most incompetent tech company on t by Anonymous Coward · · Score: 2, Funny

    I did not know we were talking about HP.

  2. ... but there is now! by lkcl · · Score: 2

    I fully expect the next news report to be, "Supermicro computers discovered in second audit to have been compromised by auditing company. The first audit company, itself secretly compromised by {insert government-of-paranoia-choice-here}, was found to have tampered with the master copies of the bootloader firmware, during its on-site privileged access to Supermicro's Headquarters".

    quis custodiet custodiens?

  3. Sufficient proof to 'prove the negative'? by david.emery · · Score: 4, Interesting

    On this story, and the previous stories on this topic, a lot of posters have doubted the denials from Super Micro, Apple, Facebook and the various government agencies. I suspect this independent audit won't convince them, either.

    So my question for the assembled multitude is this: What would be -sufficient proof- this didn't happen? Or is this one of those things where you won't accept any explanation from "the deep state"/"vested interests"/etc?

    This is a significant issue for tech in general, as we need some widely accepted way to show systems are free from hidden vulnerabilities.

    1. Re:Sufficient proof to 'prove the negative'? by _bug_ · · Score: 5, Insightful

      There's no proving a negative. Burden of proof is on Bloomberg and they don't have it. People who believe the Bloomberg story aren't going to be convinced of anything otherwise. It's like trying to argue a person's religious belief is 'not true'.

    2. Re:Sufficient proof to 'prove the negative'? by timholman · · Score: 4, Insightful

      There's no proving a negative. Burden of proof is on Bloomberg and they don't have it.

      Exactly. Supposedly thousands of motherboards were compromised, and sold to multiple customers. The failure of Bloomberg (or anyone else) to produce a single compromised piece of hardware, or even a die photo of the supposed spy chip, says it all. There's no evidence to be found because it doesn't exist.

      Conspiracy believers aren't going to change their minds. But for everyone else in the industry, it has become blatantly clear that Bloomberg screwed up royally with this story.

    3. Re:Sufficient proof to 'prove the negative'? by david.emery · · Score: 2

      One suggestion for motivation is to drive prices of Super Micro, and tech in general, down. That certainly happened for Super Micro. Another is to cast doubt on tech, particularly Big Tech (and cloud vendors) in general. That could be for financial reasons, or it could be for propaganda/'engendering distrust' reasons.

      I'm not saying I necessarily believe either suggestion, but they're worth considering if one concludes the Bloomberg story was a deliberate plant, rather than just particularly shoddy journalism. (Hanlon's Law may well apply here.)

  4. Re: meaningless by Anonymous Coward · · Score: 3, Funny

    So you thought that "outside investigation" meant that they performed it outdoors.

  5. Re:Well, if the most incompetent tech company on t by TomGreenhaw · · Score: 3, Informative

    Anecdotally speaking, I have had great experience with my Super Micro servers for more than 15 years.

    --
    Greed is the root of all evil.

  6. Bloomberg needs to explain where photos came from by goombah99 · · Score: 2

    Generally Bloomberg is pretty reliable so one wants to give them the benefit of the doubt. And they must think their sources reliable enough to make them worth protecting. But at this point it seems like they do need to defend their certainty more.

    Super Micro presumably can only inspect the boards it has now, not the boards it shipped. It could try recalling some of those, but if the infiltration was selective and rare that might not be possible. For example, if a few of the boards shipped to, say, the NSA were modified, a sampling might not find them, and the NSA would never let a board leave their facility once it goes into use. So that could be the discrepancy here. The China-modified boards might very well have been shaped to mainly go to orders for targeted customers.

    It seems like getting to the bottom of this would be useful.

    A good place to start would be those photos accompanying the Bloomberg article. They showed a specific chip on a specific board. So where did that photo come from, and is the circled chip really what they claim? That presumably is answerable.

    --
    Some drink at the fountain of knowledge. Others just gargle.

  7. Re:Bloomberg needs to explain where photos came fr by EEmarty · · Score: 2

    That photo they showed was not the actual chip, just a mockup of what it might look like. They made that fact hard to find in the captions. For anything new to get uncovered with this story, one of the sources to the Bloomberg story needs to come forward with more information. Or some other engineer from Amazon/Elemental/Apple who was supposedly involved in the detection of the chip. The article was written like breaking news with the assumption that more information would imminently become public, but that hasn't happened. Additional denials by Supermicro, Apple, Amazon, or governments don't really add to the discussion.

  8. Memberberries - I 'member! by freeze128 · · Score: 3, Insightful

    I seem to remember a news story from almost a decade ago about a surreptitious monitoring chip installed in a laptop, connected to the laptop's keyboard. This may have been a targeted attack, and not an infiltration of the supply line. Personally, I believe the unknown keyboard chip wasn't any kind of listening device, but rather some compatibility device to make the keyboard work.

    I have some doubts about how a tiny "grain of rice sized chip" can both send and receive data on the wired Ethernet port (differential signals) without actually BREAKING the lines and inserting itself into the path. Also, it wouldn't magically have FULL CONTROL of the PC, but would be able to only retransmit the data that was coming in/going out of the Ethernet port to another IP address.

  9. Re:Bloomberg needs to explain where photos came fr by f00zbll · · Score: 2

    As others have pointed out, it was a photoshop and not a real photo. By law, they're supposed to turn that evidence over to the FBI. Since the FBI already said that it didn't happen and they have no evidence, I would say Bloomberg isn't reliable.

    This is the same Bloomberg that runs news stories suggested by Wall Street elite to pump and dump stocks. This is the same Bloomberg that is the unofficial marketing arm of Wall Street. This is the same Bloomberg that has been saying regulations aren't needed anymore because the market can regulate itself, except that they know they can't. So what good evidence do you have that Bloomberg isn't more than just a Wall Street marketing machine?