New evidence of Chinese tampering with Supermicro hardware ‘found in US telecoms company’
A security expert has provided evidence that reveals how China’s intelligence services had ordered subcontractors to plant malicious chips in server motherboards
The expert, Yossi Appleboum, provided documents, analysis and other evidence of the discovery that detailed how China’s intelligence services had ordered subcontractors to plant malicious chips in Supermicro server motherboards over a two-year period ending in 2015.
Appleboum previously worked in the technology unit of the Israeli Army Intelligence Corps and is now co-chief executive officer of Sepio Systems in Gaithersburg, Maryland. His firm specialises in hardware security and was hired to scan several large data centres belonging to the telecommunications company. The company is not being identified because of Appleboum’s nondisclosure agreement with the client.
Unusual communications from a Supermicro server and a subsequent physical inspection revealed an implant built into the server’s Ethernet connector, a component that’s used to attach network cables to the computer, Appleboum said. He said he has seen similar manipulations of different vendors’ computer hardware made by contractors in China, not just products from Supermicro.
Appleboum said his concern was that there are countless points in the supply chain in China where manipulations could be introduced, and deducing them can in many cases be impossible. “That’s the problem with the Chinese supply chain,” he said.