Other companies have also fallen "victim" to China modifying hardware for surveillance, the security researcher said.
If any company is affected, though, it might not be easy to get an answer. AT&T, Sprint, T-Mobile and Verizon (our parent company) have all denied being affected, with AT&T and Sprint explicitly stating that they don't use Super Micro hardware. Cable provider CenturyLink has denied being the subject of the story, and Engadget has learned that Comcast also isn't involved. We've asked Charter for comment and will let you know if it responds.
There are also questions about the nature of the overall spy chip claims. Motherboard noted that one of the security experts referenced in Bloomberg's original article, Joe Fitzpatrick, told the Risky Business podcast that he'd been referenced out of context and that the technical details of the spy chip story were "theoretical." In both stories, Bloomberg hadn't provided evidence to the companies in question or outside observers.
Bloomberg has continued to stand by its reporting and sources. However, the story might not go much further than this. On top of the adamant corporate denials, both the Department of Homeland Security and the UK's National Security Centre have backed the companies by tentatively supporting their claims. Simply put, there don't appear to be any parties who take the assertions seriously enough to launch an investigation.
Update: A Bloomberg News spokesperson has provided a statement both defending its latest story and suggesting that Fitzpatrick mischaracterized his role. You can read the full statement below.
"As is typical journalistic practice, we reached out to many people who are subject matter experts to help us understand and describe technical aspects of the attack. The specific ways the implant worked were described, confirmed, and elaborated on by our primary sources who have direct knowledge of the compromised Supermicro hardware. Joe FitzPatrick was not one of these 17 individual primary sources that included company insiders and government officials, and his direct quote in the story describes a hypothetical example of how a hardware attack might play out, as the story makes clear. "
"Our reporters and editors thoroughly vet every story before publication, and this was no exception."