Apple to U.S. lawmakers: China did not hack us, as reported

Apple is strongly denying to Congress an explosive report that its products have been compromised by the Chinese government.

Apple’s top security officer told lawmakers the company has found no evidence of claims made in a report published last week. His response comes after the Department of Homeland Security and Britain’s national cybersecurity agency both said that they believe denials by Apple, Amazon and others of the Bloomberg report that the Chinese government planted surveillance microchips in servers used by U.S. tech giants.

The chips were reportedly inserted into motherboards for servers made by a San Jose-based company, Supermicro, which also denies Bloomberg’s story.

“We are eager to share the facts in this matter because, were this story true, it would rightly raise grave concerns,” George Stathakopoulos, vice president of information security at Apple, wrote to the leaders of the House and Senate commerce committees on Monday. “A compromise of this magnitude, and the effective deployment of malicious chips like the one described by Bloomberg, would represent a serious threat to the security of systems at Apple and elsewhere.”

This echoes the company’s denial to the press last week, and is in line with Amazon’s response, too.

“At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems,” Amazon said last week. “Nor have we engaged in an investigation with the government.”

The Bloomberg report, published Thursday, also claims that there is an ongoing FBI investigation into the issue. Supermicro said last week it is not aware of any such investigation, either, and had not been contacted by the government.

Besides raising concerns among consumers, any perceived insecurity of the products or services of U.S. tech giants could affect their ability to land government contracts. The U.S. government has been suspicious of Chinese-made technology and this year forbade its agencies from using products made by companies such as Huawei and ZTE.

“Concern for supply chain security is absolutely central to the way we run our business,” said Apple’s Stathakopoulos in his letter to Sens. John Thune, R-S.D., and Ben Nelson, D-Neb., on the Senate Committee on Commerce, Science and Transportation, and Reps. Greg Walden, R-Ore., and Frank Pallone, D-N.J., on the House Committee on Energy and Commerce, a copy of which was provided to this news organization. He said he would be available to brief the lawmakers’ staff on the matter — which he said the company has been investigating since it was contacted by Bloomberg in October 2017 — this week.

One lawmaker, Rep. Chris Stewart, R-Utah, told Bloomberg TV last week that if the report is true, it would represent the “holy grail of hacking.” Bloomberg has said that it stands by its report, which it told other media outlets is based on more than a year’s worth of reporting, 100 interviews and 17 anonymous sources that confirmed its reporting.

But government agencies do not appear to be convinced.

“At this time we have no reason to doubt the statements from the companies named in the story,” said the U.S. Department of Homeland Security on Saturday.

“We are aware of the media reports but at this stage have no reason to doubt the detailed assessments made by AWS (Amazon Web Services) and Apple,” the National Cyber Security Centre, a unit of Britain’s GCHQ intelligence agency, said Friday.