Latest in Gear

Image credit: Getty Images/iStockphoto

China accused of planting spy chips in US telecom's network (updated)

All the major wireless carriers deny it.
603 Shares
Share
Tweet
Share
Save

Sponsored Links

Getty Images/iStockphoto

Tech giants may have vehemently denied Bloomberg's claims that Super Micro gave them hardware loaded with spy chips, but that isn't stopping fresh allegations. Bloomberg has obtained documents from security researcher Yossi Appleboum that reportedly show evidence of an unnamed major US telecom finding "manipulated hardware" from Super Micro in its network. According to Appleboum, there were "unusual communications" from a server that led the telecom to find an implant hidden in the server's Ethernet jack. The researcher determined that the server had been modified at a factory in Guangzhou after conducting an inspection.

Other companies have also fallen "victim" to China modifying hardware for surveillance, the security researcher said.

If any company is affected, though, it might not be easy to get an answer. AT&T, Sprint, T-Mobile and Verizon (our parent company) have all denied being affected, with AT&T and Sprint explicitly stating that they don't use Super Micro hardware. Cable provider CenturyLink has denied being the subject of the story, and Engadget has learned that Comcast also isn't involved. We've asked Charter for comment and will let you know if it responds.

There are also questions about the nature of the overall spy chip claims. Motherboard noted that one of the security experts referenced in Bloomberg's original article, Joe Fitzpatrick, told the Risky Business podcast that he'd been referenced out of context and that the technical details of the spy chip story were "theoretical." In both stories, Bloomberg hadn't provided evidence to the companies in question or outside observers.

Bloomberg has continued to stand by its reporting and sources. However, the story might not go much further than this. On top of the adamant corporate denials, both the Department of Homeland Security and the UK's National Security Centre have backed the companies by tentatively supporting their claims. Simply put, there don't appear to be any parties who take the assertions seriously enough to launch an investigation.

Update: A Bloomberg News spokesperson has provided a statement both defending its latest story and suggesting that Fitzpatrick mischaracterized his role. You can read the full statement below.

"As is typical journalistic practice, we reached out to many people who are subject matter experts to help us understand and describe technical aspects of the attack. The specific ways the implant worked were described, confirmed, and elaborated on by our primary sources who have direct knowledge of the compromised Supermicro hardware. Joe FitzPatrick was not one of these 17 individual primary sources that included company insiders and government officials, and his direct quote in the story describes a hypothetical example of how a hardware attack might play out, as the story makes clear. "

"Our reporters and editors thoroughly vet every story before publication, and this was no exception."

Verizon owns Engadget's parent company, Verizon Media. Rest assured, Verizon has no control over our coverage. Engadget remains editorially independent.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
603 Shares
Share
Tweet
Share
Save

Popular on Engadget

Hulu's 'Castle Rock' season 2 teaser shows the origins of 'Misery'

Hulu's 'Castle Rock' season 2 teaser shows the origins of 'Misery'

View
YouTube is shutting down its TV-friendly web interface

YouTube is shutting down its TV-friendly web interface

View
SIM-based attack has been used to spy on people for two years

SIM-based attack has been used to spy on people for two years

View
Discord is pulling its subscription service's free games library

Discord is pulling its subscription service's free games library

View
Deluge of Pixel 4 photos confirms a few of the phone's key specs

Deluge of Pixel 4 photos confirms a few of the phone's key specs

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr