Super Micro Says Audit Found No Malicious Motherboard Components, Countering Report
Computer system maker Super Micro said that no malicious components were found on motherboards fingered in a Bloomberg Businessweek report that alleged Chinese infiltration of the manufacturing process. The Bloomberg article cited a host of anonymous sources within companies and the U.S. government who stated China had inserted chips capable of exfiltrating data in often nearly undetectable ways. Super Micro’s clients include Apple, Amazon, and other major firms.
In a statement to its customers posted on its Web site Dec. 11, the company’s CEO and other executives stated that an independent investigations firm had examined a variety of motherboards for compromises. This included the specific types mentioned in the article and motherboards that had been “purchased by companies” mentioned in the article. The outside company found “absolutely no evidence of malicious hardware on our motherboards.”
Super Micro didn’t release the name of the auditing firm or the report, but Reuters reports that the company was Nardello & Co., and that Super Micro will make some detail available from the reports to its customers on request. Super Micro told Fortune via a spokesperson that it had no further comment.
A spokesperson for Bloomberg, asked whether this statement affected its stance on its reporting, said the company had no comment. On Oct. 19—after earlier rebuttals by companies and U.S. government officials—the publication said, “We stand by our story and are confident in our reporting and sources.”
Bloomberg’s reporting has been questioned since it first appeared for its extensive reliance on anonymous sources, and for some of plausibility of the technical details. Chinese authorities would have had to modify motherboard designs and produce custom chips that could be integrated without detection, and which could secretly tap into activity on the motherboard and then use Internet connectivity to send the details on.
Several investigative journalists in the security realm said at the time they hadn’t heard a whiff of this kind of hardware intrusion, and no news outlet or security researcher has provided independent confirmation of the Bloomberg claims.
Super Micro’s stock dropped over 40% after the Bloomberg report appeared. The stock has since recovered somewhat, rising even during a bearish market, but still 20% off its peak in September. The company opted to suspend its stock temporarily from the NASDAQ exchange in August when it faced delisting for failing to be up to date in SEC filings.