The Chinese military successfully added a small microchip to computers manufactured in China and then shipped overseas where they were used at companies, including Amazon and Apple, as well as banks, and defense contractors, according to a report by Bloomberg Businessweek.
However, the Chinese government, Apple, Amazon, and an unnamed U.S. government official who spoke to the Washington Post disputed this claim.
According to the Bloomberg report, the microchips, which were the size of a grain of rice, provided China with a way to remotely access the computers.
The microchips were first discovered by Amazon, when the company had a third-party security company analyze the existing servers of Elemental Technologies, a U.S. based startup it was thinking about acquiring. Workers at this security company realized that this microchip was not part of the original design of the motherboards for these servers, which had been produced in China.
Once Amazon discovered the problem, it alerted the U.S. government, the report said.
Elemental Technologies had national security contracts and servers similar to the one that Amazon tested were in data centers belonging to the Department of Justice, on Navy warships, and in systems used to control CIA drones, according to the Bloomberg report.
Ninety percent of the world's personal computers are made in China. Bloomberg reported that servers from Supermicro, the same company that produced the motherboards that allegedly contained extra microchips, had been purchased in the thousands by companies like Apple for years.
In a statement, Amazon dismissed the claim:
At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government. There are so many inaccuracies in this article as it relates to Amazon that they’re hard to count.
Apple, which Bloomberg reported was also compromised by the microchips, denied this report as well. The Post, which is owned by Amazon CEO Jeff Bezos, also cast doubt on the claim, but cited a U.S. government official who initially confirmed the story before backtracking.
The Bloomberg report was based on reports from 17 unnamed people, including three "Apple insiders," six current and former U.S. national security officials, two people inside Amazon Web Services, and six unidentified sources.
