Chinese spies infected Supermicro motherboard supply chain with tiny microchip

Bloomberg reports that in recent years, dozens of US companies were electronically infiltrated by Chinese spies via a supply chain hack. Almost 30 companies, including Amazon and Apple, were the subject of an advanced, nation-state-level hardware attack that is extremely hard to detect.

U.S. officials believe a Chinese military unit designed and manufactured a chip that's as small as the tip of a pencil. This tiny chip includes memory, networking capability, and sufficient processing power. It can alter an operating system's core, and phone back home for further instructions and code.

It's believed the Chinese spy chip found its way into the US via a supply chain hack. San Jose-based SuperMicro is one of the largest server motherboard makers, it saw its motherboards compromised via the insertion of the spy microchip at one of its China-based suppliers. The infected motherboards were then built into servers assembled by SuperMicro, and found their way inside data centers operated by dozens of firms.

The discovery send a shockwave through the intelligence community, as this is the first time such a broad attack has been discovered. US spy agencies are known to intercept devices as they're in transit from manufacturer to client, but infecting the hardware from the very beginning is a whole different level.

One country in particular has an advantage executing this kind of attack: China, which by some estimates makes 75 percent of the world’s mobile phones and 90 percent of its PCs. Still, to actually accomplish a seeding attack would mean developing a deep understanding of a product’s design, manipulating components at the factory, and ensuring that the doctored devices made it through the global logistics chain to the desired location—a feat akin to throwing a stick in the Yangtze River upstream from Shanghai and ensuring that it washes ashore in Seattle. “Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow,” says Joe Grand, a hardware hacker and the founder of Grand Idea Studio Inc. “Hardware is just so far off the radar, it’s almost treated like black magic.”

Full details with more background info and the ramifications for SuperMicro and its clients can be read at Bloomberg. In a statement to Bloomberg, Apple, Amazon and SuperMicro denied the existence of this spy chip.