Supermicro, that too many chip talks to China
A few hours after a phone call with which Biden took a step towards a minimum thaw in relations between the US and China, while directing attention to political events in Myanmar, the tension between the two countries returns to high following a report signed by Bloomberg with which what apparently happened on Supermicro servers is highlighted. The beginning of the story dates back a few years ago and, even if the ending has not yet been written, in all probability it will not be a happy ending.
It is not clear whether what is indicated today refers to the intrusions that Supermicro itself had already publicly admitted, although without disclosing further details on what was found. These were the years 2011-2018, the period immediately following the discovery of Lenovo PCs used in Iraq by the army and subsequently discovered with clear unauthorized alterations. Furthermore, Supermicro itself would not be suspected of anything, but the problem would lie upstream, at the level of design and component supply.
The solution imagined, in short, is that of a strong break on the assembly lines of the devices. : what is "made in the USA" must be throughout the entire supply chain. Delegating part of the assembly to China, in fact, could lead to security problems deriving from an overt propensity of the "enemy" country to exploit the hardware development chains for its own purposes. In short, there is no real secrecy if the hardware comes from China, and for groups like Supermicro this could become a problem in terms of the entity list. According to some analyzes, the chip in question could even be activated by special updates, moreover also targeted on specific machines: a horizon very similar to what has already been seen in the Solarwind case.
Source: Bloomberg
Supermicro spoiled by the Chinese chip?
Bloomberg claims to have reconstructed the story through dozens of interviews, many of which remained anonymous to protect their sources. But all versions would coincide: over the years traces of chips capable of transmitting information to China would have been found on Supermicro servers. According to US analysts, this would be nothing more than the demonstration of how essential it is for a US company to have full control of the development chain, under penalty of falling into the Chinese grip. According to China, this is yet another unproven speculation, carried out for the sole purpose of discrediting China by generating fears not supported by the facts.It is not clear whether what is indicated today refers to the intrusions that Supermicro itself had already publicly admitted, although without disclosing further details on what was found. These were the years 2011-2018, the period immediately following the discovery of Lenovo PCs used in Iraq by the army and subsequently discovered with clear unauthorized alterations. Furthermore, Supermicro itself would not be suspected of anything, but the problem would lie upstream, at the level of design and component supply.
The solution imagined, in short, is that of a strong break on the assembly lines of the devices. : what is "made in the USA" must be throughout the entire supply chain. Delegating part of the assembly to China, in fact, could lead to security problems deriving from an overt propensity of the "enemy" country to exploit the hardware development chains for its own purposes. In short, there is no real secrecy if the hardware comes from China, and for groups like Supermicro this could become a problem in terms of the entity list. According to some analyzes, the chip in question could even be activated by special updates, moreover also targeted on specific machines: a horizon very similar to what has already been seen in the Solarwind case.
Source: Bloomberg