Supermicro has faced allegations for months that some server motherboards it sold contained malicious chips that opened a backdoor into the data centers of major technology companies, including Apple and Amazon. On Tuesday, the company said that it had found no evidence its hardware had been compromised. It hired an independent firm to determine whether the claims were accurate.
The company came under scrutiny earlier this year after a Bloomberg report claimed that some Supermicro motherboards were carrying covert implants inserted in factories operated by the company's Chinese contractors. Supermicro said that the firm it hired had audited a representative sample of its motherboards, including its more recently manufactured products, and found no evidence of malicious chips.
The company was unable to find any evidence supporting the Bloomberg report. The implants, according to Bloomberg, were camouflaged as tiny passive components and were added to the boards during manufacturing. The report said that the malicious chip was designed to give Chinese intelligence agents a secret door into the networks of almost 30 American companies, including government contractors.
Charles Liang, Supermicro’s founder and chief executive officer, said Tuesday: “no government agency has ever informed us that it has found malicious hardware on our products; no customer has ever informed us that it found malicious hardware on our products; and we have never seen any evidence of malicious hardware.” He added: “Today’s announcement should lay to rest the unwarranted accusations.”
The Silicon Valley company said that it had safeguards in place to protect Supermicro motherboards from tampering. The company said that its employees are required to be in the factories where the boards are assembled. There, they oversee electrical, functional and other automated inspections. Supermicro tests every layer of every board during assembly, the company said in its letter to customers.
Supermicro said that every motherboard is tested against its design. That allows the company to detect components that have been misplaced or are not supposed to be there. The company said that it rejects any motherboard that does not match its design. To guard against tampering, no single employee, team or contractor has unrestricted access to any complete board design, according to Liang.
The company released a short video in which it called the alleged infiltration of its motherboards at assembly “impossible.” Apple and Amazon have both vigorously denied any knowledge of malicious chips, hardware manipulations or other vulnerabilities purposely planted in any of their servers. The denials came after Bloomberg reported that both companies had turned up the chips in their data centers.