Update portal compromised, devices' firmware tampered with

Oct 5, 2018 20:07 GMT  ·  By  ·  Comment  · 

After reporting about malicious chips designed to be hardware backdoors being added on Supermicro's server motherboards by Chinese manufacturers, Bloomberg Businessweek reveals that the company's online update portal was also breached in 2015.

According to Bloomberg Businessweek, the Supermicro servers supposedly containing hardware backdoors were bought and used by more than 30 companies in their data centers, among them being Apple, Amazon, a major bank, and government contractors.

In statements released after Bloomberg published their report, Apple, Amazon, and Supermicro all denied knowing the backdoor chips surreptitiously added by Chinese actors to server motherboards bought by the American companies.

Today, Bloomberg Businessweek comes with another report stating that Supermicro was also the victim of a "software" hack in 2015 when their online update portal was breached.

Following the hack, Supermicro's customers downloaded network card firmware containing malicious code added by the actors behind the security breach to allow them to take over server communication traffic.

The Supermicro server breach of 2015 was never made public, and it affected multiple customers who downloaded infected firmware

Among the customers affected by the Supermicro 2015 security incident was Facebook, which denied using any of the servers containing network cards updated using the malicious firmware.

"In 2015, we were made aware of malicious manipulation of software related to Supermicro hardware from industry partners through our threat intelligence industry sharing programs,” said a Facebook spokesperson in an e-mail according to Bloomberg Businessweek.

Moreover, "while Facebook has purchased a limited number of Supermicro hardware for testing purposes confined to our labs, our investigations reveal that it has not been used in production, and we are in the process of removing them,” also stated Facebook's e-mail.

In its denial statement, Apple confirms Bloomberg's report on the Supermicro server breach by saying that at one point they did find an infected driver on one of their Supermicro servers.

"Our best guess is that they are confusing their story with a previously-reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs," said Apple in their press release. "That one-time event was determined to be accidental and not a targeted attack against Apple."

  Click to load comments
This enables Disqus, Inc. to process some of your data. Disqus privacy policy

Related Stories

Fresh Reviews

Latest News