The Information had much of Bloomberg's Apple story 19 mos. ago

But without the Chinese, their spy chip or the denials of intelligence agencies on both sides of the pond.

From Amir Efrati's Apple Severed Ties with Server Supplier After Security Concern ($), posted Feb. 23, 2017:

In early 2016, Apple discovered what it believed was a potential security vulnerability in at least one data center server it purchased from a U.S.-based manufacturer, Super Micro Computer, according to a Super Micro executive and two people who were briefed about the incident at Apple. The server was part of Apple’s technical infrastructure, which powers its web-based services and holds customer data.

Apple ended up terminating its years-long business relationship with Super Micro, according to Tau Leng, a senior vice president of technology for Super Micro, and a person who was told about the incident by a senior infrastructure engineering executive at Apple. The tech giant even returned some of Super Micro’s servers to the company, according to one of the people briefed about the incident.

There is conflicting information about the exact nature of the vulnerability and the circumstances surrounding the incident. According to Mr. Leng, an Apple representative told its account manager at Super Micro via email that Apple’s “internal development environment was being compromised” because of firmware it downloaded to certain microchips within servers it had bought from Super Micro.

Apple, insisting that Efrati got key details wrong, referred me to a statement quoted by The Information at the time:

An Apple spokesman told The Information in a statement that Apple was “not aware of... infected firmware found on the servers purchased from this vendor.”

The Apple spokesman declined to describe the nature of the problem Apple discovered. There’s no evidence the episode resulted in theft of data from Apple, and the Apple spokesman specifically said that the company was “not aware of any data being transmitted to an unauthorized party.”

My take: Without the promise of a Chinese spy chip, Efrati's story didn't get much traction.

See also: No Chinese spy chip, says deep state

5 Comments

  1. Ken Cheng said:
    Some key differences:
    • Efrati’s story cites the discovery, “In early 2016, Apple discovered what it believed was a potential security vulnerability in at least one data center server”, while the BB/BW story cites the discovery, “Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards.” So, the dates are different.

    • Efrati’s story states that, “The tech giant even returned some of Super Micro’s servers to the company, according to one of the people briefed about the incident.”, while the BB/BW story states, “As for Apple, one of the three senior insiders says that in the summer of 2015, a few weeks after it identified the malicious chips, the company started removing all Supermicro servers from its data centers, a process Apple referred to internally as “going to zero.” Every Supermicro server, all 7,000 or so, was replaced in a matter of weeks, the senior insider says.”

    So, “some” versus “all” were returned. And, according to BB/BW Apple had removed all 7000 Supermicro servers in a few weeks after the Summer of 2015, i.e. May. The Efrati article states Apple didn’t even find the issue until 2016, but by then the Supermicro servers were gone, according to BB/BW. You’d think a SVP at Supermicro would know his dates. Either way, this story obviously has holes if both of these scoops don’t agree on some of the base facts. How much is actual insider knowledge and how much is just insider speculation?

    October 8, 2018
    • Ken Cheng said:
      Okay, read the rest of Efrati’s article, and this also stuck out:
      “Mr. Leng said it had “thousands of customers” using the same equipment and he questioned why “only Apple had this complaint? That’s the most puzzling portion.”
      He said Super Micro continued to fulfill prior orders to Apple until the middle of last year. In early August of last year, Super Micro disclosed in an earnings call for the June quarter that it had lost business from two key data center storage equipment customers,”

      So, according to a SVP at Supermicro, only one customer complained, but the BB/BW story has 30 customers affected, and apparently at least Amazon must have done some complaining too. And, according to the SVP, they supplied equipment to Apple right until the 1st calendar quarter of 2016, with lost business in the 2nd quarter. According to BB/BW, Apple had already removed Supermicro servers within weeks of finding the problem in May of 2015. Why would Apple still be buying Supermicro servers into the first quarter of 2016, if they already knew servers from Supermicro were a problem from May? The timelines don’t make sense, unless the story wasn’t as thoroughly researched, as it implies.

      October 8, 2018
  2. Apple’s version sides with Efrati’s in several respects, including the year (2016). From the PR department’s statement:

    In response to Bloomberg’s latest version of the narrative, we present the following facts: Siri and Topsy never shared servers; Siri has never been deployed on servers sold to us by Super Micro; and Topsy data was limited to approximately 2,000 Super Micro servers, not 7,000. None of those servers have ever been found to hold malicious chips…

    We are deeply disappointed that in their dealings with us, Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously-reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple.

    October 8, 2018
  3. Ken Cheng said:
    Ben Lovejoy at 9to5Mac has a great interview with one of the 17 sources, a hacker, and basically exposes the BB/BW story as the writer asking how one would do such a hack, and then going out and “confirming” the hypothetical almost exactly as it was mooted. The source was surprised and told the author that. So, the story is starting to break down as a fictional account.

    October 9, 2018
