Slashdot Mirror

← Back to Stories (view on slashdot.org)

Super Micro Says Review Found No Malicious Chips in Motherboards (reuters.com)

Posted by msmash on from the tussle-continues dept.

Computer hardware maker Super Micro Computer told customers on Tuesday that an outside investigations firm had found no evidence of any malicious hardware in its current or older-model motherboards. From a report: In a letter to customers, the San Jose, California, company said it was not surprised by the result of the review it commissioned in October after a Bloomberg article reported that spies for the Chinese government had tainted Super Micro equipment to eavesdrop on its clients.

6 of 95 comments (clear)

  1. Sufficient proof to 'prove the negative'? by david.emery · · Score: 4, Interesting

    On this story, and the previous stories on this topic, a lot of posters have doubted the denials from Super Micro, Apple, Facebook and the various government agencies. I suspect this independent audit won't convince them, either.

    So my question for the assembled multitude is this: What would be -sufficient proof- this didn't happen? Or is this one of those things where you won't accept any explanation from "the deep state"/"vested interests"/etc?

    This is a significant issue for tech in general, as we need some widely accepted way to show systems are free from hidden vulnerabilities.

    1. Re:Sufficient proof to 'prove the negative'? by _bug_ · · Score: 5, Insightful

      There's no proving a negative. Burden of proof is on Bloomberg and they don't have it. People who believe the Bloomberg story aren't going to be convinced of anything otherwise. It's like trying to argue a person's religious belief is 'not true'.

    2. Re:Sufficient proof to 'prove the negative'? by timholman · · Score: 4, Insightful

      There's no proving a negative. Burden of proof is on Bloomberg and they don't have it.

      Exactly. Supposedly thousands of motherboards were compromised, and sold to multiple customers. The failure of Bloomberg (or anyone else) to produce a single compromised piece of hardware, or even a die photo of the supposed spy chip, says it all. There's no evidence to be found because it doesn't exist.

      Conspiracy believers aren't going to change their minds. But for everyone else in the industry, it has become blatantly clear that Bloomberg screwed up royally with this story.

  2. Re: meaningless by Anonymous Coward · · Score: 3, Funny

    So you thought that "outside investigation" meant that they performed it outdoors.

  3. Re:Well, if the most incompetent tech company on t by TomGreenhaw · · Score: 3, Informative

    Anecdotally speaking, I have had great experience with my Super Micro servers for more than 15 years.

    --
    Greed is the root of all evil.
  4. Memberberries - I 'member! by freeze128 · · Score: 3, Insightful

    I seem to remember a news story from almost a decade ago about a surreptitious monitoring chip installed in a laptop, connected to the laptop's keyboard. This may have been a targeted attack, and not an infiltration of the supply line. Personally, I believe the unknown keyboard chip wasn't any kind of listening device, but rather some compatibility device to make the keyboard work.

    I have some doubts about how a tiny "grain of rice sized chip" can both send and receive data on the wired ethernet port (differential signals) without actually BREAKING the lines and inserting itself into the path. Also, it wouldn't magically have FULL CONTROL of the PC, but would be able to only retransmit the data that was coming in/going out of the ethernet port to another ip address.