Apple and Amazon hit back over China soy chip report
A report alleging that Apple and Amazon had data stolen by Chinese spies has been strongly disputed by both tech firms.
Apple and Amazon have both responded publicly to claims made by Bloomberg Businessweek which described the cyber-attack.
“There is no truth to these claims,” said Apple’s statement.
The UK’s National Cyber Security Centre (NCSC) said it had “no reason to doubt” Apple and Amazon’s assessments.
Bloomberg has yet to respond to a BBC request for a comment about the repeated denials from Apple and others.
Earlier it said: “We stand by our story and are confident in our reporting and sources.”
Published on 4 October, Bloomberg’s story alleges that Chinese spies managed to insert chips on servers made in China that could be activated once the machines were plugged in overseas. The servers were manufactured for US firm Super Micro Computer Inc.
The story suggested that Amazon Web Services (AWS) and Apple were among 30 companies, as well as government agencies and departments, that used the suspect servers.
Shares in Chinese tech firms including Lenovo and ZTE fell sharply following the publication of the Bloomberg report.
The news agency’s story, which Bloomberg said resulted from a 12-month investigation, relied on unnamed and unidentified sources which, it said, included insiders at both Amazon and Apple.
Bloomberg linked to the denials given to it by the tech firms and Super Micro Computer when it approached them with its evidence.
Now Apple has published its statement in full on its media site saying it had “repeatedly explained” to Bloomberg reporters that they were wrong.
Apple said it had conducted “rigorous internal investigations” based on the evidence given to it by Bloomberg reporters and had found “absolutely no evidence” to support their claims.
It said: “On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server.”
It added that it was not operating under any “gag order” or any other confidentiality restriction that stopped it sharing information.
Amazon published a blog that also said the spy chip story was “untrue” saying it had never found “modified hardware or malicious chips” on its systems.
The NCSC responded to questions about the alleged spy chip attack by saying it was aware of media reports but had “no reason to doubt the detailed assessments made by AWS (Amazon Web Services) and Apple”.
It urged anyone with “credible intelligence” about the allegations to get in touch.