Super Micro Computer told customers in an Oct. 18 letter that the gist of a recent Bloomberg Businessweek article–reporting the alleged secret implantation of malicious computer chips in motherboards made by the company and used by numerous U.S. companies and government agencies–is “wrong,” and that “from everything we know and have seen, no malicious hardware chip has been implanted during the manufacturing of our motherboards.”
The malicious chips, the Bloomberg Businessweek story asserted, were engineered to enable backdoor data transmissions to China. The allegations in the story, which have prompted inquiries to the company from U.S. legislators, have not found support among U.S. and United Kingdom government cybersecurity authorities.
Super Micro had previously issued a strong denial of the story’s claims, and in the Oct. 18 letter that was also filed with the Securities and Exchange Commission, offered the results of what it called “a complicated and time-consuming review” to further respond to the article.
“We trust you appreciate the difficulty of proving that something did not happen, even though the reporters have produced no affected motherboard or any such malicious hardware chip,” the company said. “As we have said firmly, no one has shown us a motherboard containing any unauthorized hardware chip, we are not aware of any such unauthorized chip, and no government agency has alerted us to the existence of any unauthorized chip.”
The company emphasized its extensive testing regimen for its motherboards, and also stressed the “technical implausibility” of that an unauthorized component could be implanted and become operational.
“Our motherboard designs are extremely complex,” the company said, adding, “This complexity makes it practically impossible to insert a functional, unauthorized component onto a motherboard without it being caught by any one, or all, of the checks in our manufacturing and assembly process. The complex design of the underlying layers of the board also makes it highly unlikely that an unauthorized hardware component, or an altered board, would function properly.”
“Our motherboard technology involves multiple layers of circuitry,” Super Micro said. “It would be virtually impossible for a third party, during the manufacturing process, to install and power a hardware device that could communicate effectively with our Baseboard Management Controller because such a third party would lack complete knowledge (known as ‘pin-to-pin knowledge’) of the design. These designs are trade secrets protected by Supermicro. The system is designed so that no single Supermicro employee, single team, or contractor has unrestricted access to the complete motherboard design (including hardware, software, and firmware),” the company said.