Under-fire server company says no malicious chips found


Rewind to what feels like years ago, when the blockbuster Bloomberg story broke that Supermicro, a US-based server company, was being targeted by Chinese authorities that embedded secret chips on its devices for monitoring purposes. 

Not only did the story feel like an insane revelation, the claims fell apart so quickly it was unreal. Over the space of 24 hours we saw the security community shift from 'oh my god' to 'um, this makes no sense' and eventually start picking apart the story.

Despite a number of security researchers coming out and saying the story is bogus, along with Tim Cook, Amazon and others, Bloomberg has refused to retract the claims or even make a correction.

Over the past month Supermicro has conducted its own investigation with an outside party, which looked extensively at motherboards from the production line, samples from within Apple and Amazon, as well as the software and firmware embedded on the devices. 

That investigation found nothing of interest, and could not track any unauthorized components or transmissions sent from its servers. Now, Supermicro is considering legal action against Bloomberg. 

Like I said back in October, the story as reported is just so unfeasible that it seems like the outlet may have been fed false information. I don't doubt that China has tried hardware attacks before, but there are so many easier vectors than the approach of embedding physical chips.

There's a bigger problem of responsibility here: Bloomberg has the right to protect its sources, but if the reporting is causing serious strife to a business, what's the recourse? It seems, to Bloomberg, that the only answer is silence.


Google faces U.S. lawmakers, but gets off easy

Yesterday, Google's CEO, Sundar Pichai, spent over three hours being grilled by U.S. senators as a part of an ongoing series of hearings investigating technology giants and their practices.

I sat through the entire thing, and it was an egregious waste of time, but most of all, an embarrassment. I was hoping for real insight; instead we simply got hollow, self-absorbed lines of questioning.

These officials dragged yet another high-ranking CEO to Washington, only to ask ridiculous basic questions such as why their hate speech was being flagged as hate speech by Google, or how it could be possible that there's only negative news results about the Republican healthcare bill (perhaps it's just a bad bill?).

There were plenty of decent ideas in the mix: whether or not Google is biased, how much data the company collects about people and what the company is up to in China. Unfortunately, these questions essentially went unanswered: Pichai expertly dodged every question, and Senators remained hung up on their own search results.

Unlike Mark Zuckerberg, who faced a similar hearing a few weeks back, Pichai was much more relaxed and professional with his answers. If the questions were more pointed, such as demanding an answer from Google about which location data it truly stores on its side, we might have gotten somewhere. 

Instead, we got the usual line: users can do a privacy check-up with our tools whenever they want to. We only track location data if users opt in. If this week's New York Times revelation about background data tracking is any example, that's only a part of the truth. 

We did glean a single piece of interesting information in the entire three-hour event: Google has more than 100 people working on a search engine for China, but has "no plans" to launch in the country yet. If that's the case, why have 100 people work on it? Yet again, left unanswered.

As others have pointed out, the format may in part be the problem: live questions from senators that don't really understand the technology are easily deflected by high-ranking technology CEOs, so perhaps there's a better way, which would force real answers out of startups.

It's a shame, given how brutal the recent UK hearing about Facebook was, and that MPs there wouldn't take "we'll get back to you" for an answer. With all of this in mind, it's easy to see why technology companies aren't really so scared of regulation still: the regulators have no idea what to do.


Huawei executive out on bail, but...

An update on yesterday's insights: Huawei's CFO has been released on a $7 million bail in Canada, provided she is surveilled constantly and monitored via GPS. Now we wait for the US to make its move, but there's another problem...

...China has started firing back about this already. The country has arrested a Canadian diplomat without issuing a statement or reason why, with no way to contact him, but it's difficult to see this as a coincidence. 

There's a great episode of Vox's Today, Explained podcast about why this is so dangerous: the reality is that there's a delicate balance at hand, and Chinese manufacturing is an important part of even the U.S. economy. This escalating could be really damaging on a number of fronts, and everyone's worried about it.


Don't miss these, too

Marriott's data breach traced to China
This report claims that state-sponsored hackers are trying to build a database of high-ranking executives in the US, as well as a wider database of people, and the hotel breach was simply a part of a larger campaign. Er, wow.

Uber managers had concerns about autonomous vehicles just days before fatal accident

Revisions to the EU's dangerous upcoming copyright laws essentially fix nothing

Google+ is going away in April 2019 😱