Security warned companies that hardware manufacturers could plant backdoors into products and that these manufacturers and other governments could access or compromise private data. That has happened to Apple and Amazon.
Amazon investigated their servers that were installed by Elemental Technologies and found that there was a backdoor. The chip was to do this was smaller than a grain of rice according to the extensive report by Bloomberg. The chips were found back in 2015 and the government took some time to figure out what was going on. It was found that the hardware creates:
A stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.
There are two ways in which these chips could have been planted. Firstly, it is possible that the hardware was intercepted and then the chips were planted. The second possibility is that the chips were planted from the very beginning. Apple, Amazon, Supermicro, and the Chinese government do not agree to this story but it is worth mentioning that, according to Bloomberg:
[Six] current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government’s investigation. One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon; the official and one of the insiders also described Amazon’s cooperation with the government investigation. In addition to the three Apple insiders, four of the six U.S. officials confirmed that Apple was a victim. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks.
These findings are very interesting indeed and you can check out the full report along with all the Bloomberg findings.
Let us know what you think about Amazon and Apple servers being compromised and whether or not you think China had a hand in all of this.