A third-party audit into Super Micro Computer - styled as Supermicro - hardware has turned up no evidence to support claims that its server product manufacturing chain had been exploited by a state actor to place physical back door hardware onto motherboards used by companies including Amazon and Apple, the company's chief executive officer reports.
Concerns over a breach of Supermicro's supply chain were raised by Bloomberg Businessweek back in October in an article which claimed a state actor had placed hardware onto Supermicro server motherboards shipped to customers including Amazon and Apple which provided back door access to the systems. At the time, Supermicro, Apple, and Amazon all denied the claims, including the site's sources which stated they had been in contact with the US Federal Bureau of Investigation (FBI) regarding the issue since 2015.
These denials, coupled with pushback from at least one of the story's sources, didn't stop Bloomberg doubling-down on its claims, but Supermicro is hoping to finally put things to rest with a third-party audit which has turned up no evidence of any unauthorised hardware in its products.
'Recent reports in the media wrongly alleged that bad actors had inserted a malicious chip or other hardware on our products during our manufacturing process. Because the security and integrity of our products is our highest priority, we undertook a thorough investigation with the assistance of a leading, third-party investigations firm,' chief executive officer Charles Liang writes, in a letter co-signed by chief compliance officer David Weigand and chief product officer Raju Penumatcha. 'A representative sample of our motherboards was tested, including the specific type of motherboard depicted in the article and motherboards purchased by companies referenced in the article, as well as more recently manufactured motherboards.
'Today, we want to share with you the results of this testing: After thorough examination and a range of functional tests, the investigations firm found absolutely no evidence of malicious hardware on our motherboards. These findings were no surprise to us. As we have stated repeatedly, our process is designed to protect the integrity and reliability of our products. We appreciate the industry support regarding this matter from many of our customers, like Apple and AWS. We are also grateful for numerous senior government officials, including representatives of the Department of Homeland Security, the Director of National Intelligence, and the Director of the FBI, who early on appropriately questioned the truth of the media reports. As we have stated repeatedly since these allegations were reported, no government agency has ever informed us that it has found malicious hardware on our products; no customer has ever informed us that it found malicious hardware on our products; and we have never seen any evidence of malicious hardware on our products.'
Supermicro stock rose slightly on the publication of the letter, though is still trading well below where it was prior to Bloomberg's report.
November 18 2019 | 09:00