How China Used a Tiny Chip to Infiltrate U.S. Companies


On October 4, 2018, an article published in Bloomberg Businessweek described a technique allegedly used to implant a tiny microchip on motherboards produced by Super Micro Computer, Inc. The microchip was allegedly implanted at factory locations and would interfere with and compromise the baseboard management controller (BMC) firmware of the server.

All companies named in the article as being involved (Super Micro, Apple, and Amazon Web Services [AWS]) have categorically denied all claims. Furthermore, both the U.S. Department of Homeland Security and the U.K. National Cyber Security Centre have issued statements that they have no reason to doubt the detailed assessments made by Apple and AWS that refute the validity of the alleged security breach.

We would like to inform you that HPE is not aware and has no evidence that any motherboards used in HPE products have been implanted with the suspect microchip. Through stringent supply chain risk management practices and controls, which include the vetting of supplier and contract manufacturing supply chain practices, cyber security, physical security, and quality assurance, HPE works diligently to mitigate security risks and deliver the highest quality products to support our IT and computing needs.

Security is also designed into HPE Gen10 servers that use the iLO 5 silicon (including HPE ProLiant, HPE Apollo, HPE Synergy, and HPE BladeSystem) to provide enhanced protection. If the server-essential firmware (like the BMC or Unified Extensible Firmware Interface [UEFI]) of an HPE Gen10 server is altered, not only will the server likely detect the compromised code, but the server will also recover to a known good state of firmware.

Your business’s security is important to us, and it’s why HPE put such strong controls and supplier codes of conduct in place.

Thank you for your business and continued support of HPE products, services, and solutions.