Bottom line: A Bloomberg report on Chinese government spying microchips in hardware used by Apple, Amazon and others may be flawed, but highlights the potential for such spying due to China’s important place in the global supply chain.
As I return to blogging after a couple weeks absence, I wanted to weigh in on an explosive story that ran last week in Bloomberg about tiny spying chips that had been secretly loaded by China’s military onto globally used motherboards. Quite a bit has happened since the original story’s publication (English article), which said that tiny custom-made chips developed by the People’s Liberation Army had secretly been installed into motherboards assembled in China by US hardware maker Supermicro (OTC: SMCI).
The story, which went out of its way to quote quite a few unnamed sources to bolster its credibility, went on to say that those motherboards had been used in servers used by a wide range of companies and government agencies, including Apple (Nasdaq: AAPL) and Amazon (Nasdaq: AMZN). Everyone initially applauded the ground-breaking report, which appeared to show how China could easily insert itself into the global high-tech complex by taking advantage of its important place in the hardware supply chain.But then the wheels started coming off the cart this week, as company after company and even the U.S. government denied any knowledge of the supposed spy chip that Bloomberg was citing at the center of its report. Bloomberg has said it is standing by its story, and most recently published a new story quoting an Israeli computer security expert saying new evidence has been found of hacked Supermicro motherboards used by an unnamed U.S. telecom company. (English article)
But the same article points out that the hacking discussed by that expert is different from the stealth chips in Bloomberg’s original report. That brings us back to the original point of whether the original Bloomberg report was accurate, and if not, then what was happening behind the scenes.
I can’t really comment too much on the accuracy of the report, as anything I say would be purely speculative. But I do know that in general an outfit like Bloomberg would be careful to dot all its I’s and cross all its T’s before running such a report, including being confident of its sources. But that’s not to say that media haven’t been duped in the past on this kind of thing.
Only a few more weeks or possibly months will probably tell how accurate the story was. But I can certainly comment on the bigger picture, which is the possibility that this kind of scenario, whether real or possibly exaggerated, could actually happen. In my view, this is exactly the kind of scenario envisioned by politicians and security experts who constantly warn of dangers of using equipment from the likes of networking equipment giants Huawei and ZTE (HKEx: 763; Shenzhen: 000063).
I’ve repeatedly given my view in this space that Huawei and ZTE probably don’t include any such spying interfaces in their equipment, and Washington experts have never provided any evidence of such backdoors. But the fact is that the strange relationship between Beijing and all companies in China, be they state-owned or private, means it would probably be quite easy for the military or any other government body to insert itself into the hardware-making process anytime it wanted.
China has already shown it is willing to insert itself this way by having government officials stationed at many of the big Internet companies to ensure they comply with the nation’s strict self-censorship policies. So it might be a little more complex but certainly not unheard of for that same government to quietly order the insertion of spyware for hardware makers like ZTE, Huawei and even PC maker Lenovo (HKEx: 992).
That fact wasn’t lost on investors, who pummeled Lenovo’s Hong Kong-traded shares shortly after the Bloomberg report came out last week. The reality is that China has ensconced itself firmly in the global supply chain for high-tech components. That means Beijing has a relatively easy entry point to install its spyware into critical components used throughout the world if and when it ever wanted because of the government’s unusual power over enterprises.
I imagine the Bloomberg report, even if it’s ultimately proved to be flawed, will serve as a bigger wake-up call for high-tech manufacturers, if nothing else. That could be bad news for China, as many of those manufacturers may decide to move at least some of their production to other more secure countries like India and ones in Southeast Asia, to produce components and other high-tech parts that can be more easily guaranteed to be “spy free.”