Chinese military hackers have been covertly implanting microchips into the motherboards of computer servers used by major US tech companies, including Apple and Amazon, a new report claims.
The stunning expose, published by Bloomberg Businessweek, claims that a specialist cyber-attack unit in the People’s Liberation Army (broadly speaking, the Chinese military) has been facilitating the insertion of malicious chips into computer equipment used by some 30 firms and a handful of US government agencies.
Citing anonymous intelligence and company sources, the article says the hardware breach originated on the production line in China and was first uncovered back in 2015, with the minuscule chips being designed to evade traditional security vetting methods.
If accurate, the report would mean that the Chinese military gained backdoor access to the internal networks of the companies and government agencies involved, giving them hitherto unprecedented access to sensitive data – and even, in extremis, the power to control server-level operations.
Related: How to delete Facebook
“Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow. Hardware is just so far off the radar, it’s almost treated like black magic,” Joe Grand, a white hat hacker and the founder of Grand Idea Studio, told the publication.
Amazon, it’s alleged, discovered the attack through its acquisition of video streaming startup Elemental Technologies in 2015, while Apple also became aware at a similar time, it has been claimed.
While users of these companies products have little to worry about – honestly, the Chinese government doesn’t give a floating fiddle about your dodgy internet search history – the scale, deep-level penetration, and sheer audacity of the breach means it could have a trickle down effect on the consumer electronics market, given China’s prominent position in the component supply chain.
Ross Rustici, senior director of intelligence services at Cybereason, said that higher prices are likely to be the end result if companies look to implement tougher product security protocols in the wake of the report.
“Fundamentally, supply chain security is a cost problem. It is almost always conducted by a complicit insider, whether it is at the factory, a transportation agent, or customs official. This makes creating a tamper proof product extremely costly, as the number of safeguards and other mechanisms required would drive up the cost of the product beyond market viability,” Rustici told Trusted Reviews.
Both Apple and Amazon are robustly denying the allegations.
In a statement to the press, Apple said: “On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server.”
Amazon responded:“It’s untrue that [we] knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental.”
Are you worried by reports that Apple, Amazon and the US government may have been hacked by the Chinese military? Tweet your thoughts to us @TrustedReviews.