A blockbuster new report has indicated that the Chinese government sought to gain backdoor access to over 30 companies, including Apple, Amazon, and government contractors. The cyber-spying was apparently discovered by Amazon and Apple after the companies purchased servers from US company Supermicro and had them tested by third parties. Those third parties discovered that the motherboards of those servers contained tiny microchips that were not part of the original design. Some of the chips were smaller than the tip of a pencil and were embedded in between layers of the motherboard onto which other components were attached.
The ostensible reason for the embedding of those chips was to allow the Chinese government access to those computers, compromising any network on which those computers were running. The chips were allegedly installed on motherboards within the factories of Chinese subcontractors either at the behest of or directly by Chinese military authorities.
While US spy agencies have long been known to waylay shipments of tech equipment and insert bugs and tracking devices while they’re en route between a vendor and a customer, the Chinese government apparently compromised these server motherboards during the manufacturing process. But how did the Chinese government know that these motherboards would end up at Amazon, Apple, and other companies?
The scary answer is that the Chinese government might not have known. Out of all the millions of computer components produced in China every year, the likelihood that these compromised components just happened to make it randomly to Amazon and Apple is incredibly small. Likewise, the possibility that these components could have been segregated from the normal supply chain and held specifically for customers such as Apple and Amazon is also small, as there would have been no way to tell where Amazon or Apple’s servers would have been produced.
China is the world’s largest producer of computer accessories, cell phones, and PCs, so infiltration like this could be happening on a large scale without most people knowing about it. In all likelihood it may not just be server motherboards that are compromised, but also motherboards for PCs, tablets, and phones. Unless manufacturers and vendors have tested their products to ensure that they’re free from interference, there’s no telling what could be compromised.
While targeting large companies and government agencies can provide useful information to intelligence agencies, controlling consumer devices could be even more devastating. Just imagine the possibility that China could shut down cell phones, computers and servers in the United States with just a single command. Now that we know that the Chinese government has the capability to hack hardware, it may just be a question of when, not if, something like that will occur.