Supermicro CEO Pens Open Letter Addressing Spy Chip Claims
Ron Perillo / 6 years ago
Addresses ‘Technical Implausibility’ of Bloomberg Claims
Bloomberg published an exclusive report three weeks ago, stating that hardware spy chips are embedded in Supermicro motherboards. These chips are supposedly the size of a pencil tip and are difficult to detect. Furthermore, Bloomberg says its sources report a supply chain vulnerability affecting these products. Supermicro, a US-based company with hardware manufacturing in China, thoroughly refutes this claim. So did Apple and Amazon, who issued statements almost immediately after the report’s publication. Bloomberg has not backed down since and has in fact doubled down on its claims.
What Does Supermicro Say About the Bloomberg Report?
Now Supermicro’s CEO Charles Liang has penned an open letter directly elaborating on the report. Signing the letter with Liang are Supermicro SVP and Chief Compliance Officer David Weigand and Raju Penumatcha, SVP and Chief Product Officer.
The company breaks down the report under three headings: regular testing, technical implausibility and supply chain management. This makes it easy for everyone to see their side of the supposed non-issue.
Supermicro insists that the company’s engineer-led culture ensures that product testing is at the forefront of their work, adding that they test their products every step along the way and that they test “every board” and “every layer of the board.” Each stage of manufacturing and assembly requires inspection of the layout and components used. Moreover, Supermicro employees are present on site with assembly contractors throughout the process.
In terms of the technical viability of Bloomberg’s claims, Supermicro says that it is highly unlikely. The company suggests that, due to the complexity of its motherboard design, it is impossible for a board to remain functional and pass their checks if what the report claims is true.
“It would be virtually impossible for a third party, during the manufacturing process, to install and power a hardware device that could communicate effectively with our Baseboard Management Controller,” says the open letter, adding, “Because such a third party would lack complete knowledge (known as “pin-to-pin” knowledge) of the design.”
How Possible is a Supply Chain Management Attack?
Supermicro also insists that each of their contractors only knows a portion of the board’s design. This makes it impossible for one rogue contractor to pass off a spy chip undetected, especially without all other contractors knowing.
“If any single contractor attempts to modify these designs, the manufacturing process is structured so that those alterations would not match the other design elements,” says Supermicro.
The letter is quite long and provides multiple other explanations of why the spy chip attack is impossible. Follow this link to read the full open letter, or read it directly below: