re-emphasizing "allegedly"... I'm getting more and more skeptical of this story


It's amazing how contradictory the story and the denials are.

Apple doesn't have a lot of wiggle room if the story is true, and the journalist doesn't if the story is false.

@switchingsocial size of the chip shown is what has me most skeptical, given what it allegedly does?

@switchingsocial I actually don't doubt that there are many layers of backdoors in our systems.. heck, Intel ME is one well known one.

Not sure this is real though.


Looking at Twitter conversations about the contradictions between Bloomberg, Apple and Amazon, two theories have come up:

Theory 1: Story is untrue, someone in administration planted story or misled Bloomberg, perhaps to strengthen demands for sanctions against China (and/or to make money from shorting Supermicro)

Theory 2: Story is true, Apple and Amazon are under some kind of gag order that compels them to lie

@switchingsocial but if they're under a gag order why aren't they just saying nothing


Agreed, they seem to both be unusually stridently denying this. Doesn't sound like they're under duress.

@switchingsocial so either

a) it's true and all associated companies think it's a bigger technical risk to say nothing than to outright deny, despite a later reveal being sure to be hugely bad for them *and* it's a heck of an engineering feat for something that small or
b) it's not true

not saying a) isn't possible but b) seems more likely


@cwebber well, we've seen denial from large companies before. Palm denied that the Palm Pre uploaded GPS coordinates to their servers, despite me finding them in their outgoing log queue.

@cwebber as to the chip's size, IPMI provides most of the functionality, could this just be a IPMI backdoor chip?

Given how insecure IMPI was, especially in this time frame, the chip could have just done some basic firewall bypass callout to let the attackers talk to the IMPI and they could have then simply hacked IMPI.

Sign in to participate in the conversation

Octodon is a nice general purpose instance. more