This time, for some reason, Apple decided to release a large-scale article-analysis on its website.
On October 4, Bloomberg released a material stating that the Chinese military secretly introduced spy bugs into motherboards at Supermicro’s factories for several years. According to journalists, after that, the boards were installed in servers designed for large American companies, including Apple and Amazon.
Sources of the publication said that Apple and Amazon had been monitored independently of each other and reported it to the FBI, where they have been investigating for three years. Reporters noted that they interviewed 17 people, among whom were government officials, as well as top managers of the company from Cupertino.
Amazon, chip maker Supermicro, and the Chinese government almost immediately began to deny what happened. However, Apple took an unprecedented step for itself and published a sharp refutation of data from Bloomberg.
The article was published in the Apple Statements section, and in recent years this is just the second material in this section. The company uses it very rarely: usually in order to reflect its position. During major scandals or leaks, Apple prefers to remain silent and simply refuses to comment.
In its article, Apple is not shy about harsh language and explicitly states that information about malicious chips on servers is “incorrect.” The company claims that during the past year it has repeatedly explained this to Bloomberg correspondents and editors.
Shortly before the publication of the material, Apple turned to the publication with a statement in which she explained that she had not encountered Chinese bugs in her servers. The company noted that it responded to all requests from Bloomberg and conducted inspections, but they did not reveal anything.
We can say directly: intentionally embedded malicious chips or other pieces of hardware, as well as sources of vulnerability, were not found on any of the Apple servers.
The company claims that, according to internal rules, it checks each server before using it. No vulnerabilities were found in the Supermicro hardware, so Apple believes that journalists could be mistaken or misinterpret their sources.
We are deeply disappointed that, while interacting with us, Bloomberg correspondents do not allow the possibility that they or their sources may be mistaken or have incorrect information. Most likely, they confuse the current situation with the previously described case of 2016, in which a driver containing malicious software was detected on one of the Super Micro servers in our laboratory. This single incident was considered an accident, not a targeted attack on Apple.
In a letter to reporters, Apple also stated that it had never appealed to the FBI or another agency, and did not conceal anything from its own employees.
Despite numerous discussions in various departments and organizations, no one at Apple had heard of such an investigation. Businessweek magazine refused to provide us with any information that would help to find information about the course of the alleged investigation or its results.
None of Apple has appealed to the FBI about this situation, and we have never received information from the FBI about such an investigation, let alone to prevent it.
At the end of the article, the company separately noted that talking about this does not violate any rules, since it is not under the ban on disclosing information or under other legal restrictions.