My thoughts exactly. They're making claims that virtually everyone in tech is denying and haven't/can't produce any evidence.
Not to mention, if this hardware had been trying to phone home, it's safe to assume it would have set off some kind of an alert at at least one of these places.
"...let us consider a hypothetical. What if:
1. Everything in the Businessweek story is true, Chinese spies planted hardware backdoors in computers built and used by major American companies, and the FBI investigated along with those companies and discovered the backdoors.
2. It is a national-security secret and the companies were instructed by the FBI never to acknowledge it.
3. The companies are patriotically but falsely denying the hack."
If it were Apple, they wouldn’t write a categorical denial because once the “truth” leaked, their credibility would be shot for a long time. The standard Apple answer would be “Apple could not be reached for comment.”
The people hypothetically demanding these denials have gone literally thermonuclear before. It’s an entirely different ball game when you deal with the guys with machine guns.
When you read the article, I believe they are alluding to the fact that Apple and Amazon did discover the vunerabilities.
“In 2016, Apple informed Supermicro that it was severing their relationship entirely—a decision a spokesman for Apple ascribed in response to Businessweek’s questions to an unrelated and relatively minor security incident.”
> Not to mention, if this hardware had been trying to phone home, it's safe to assume it would have set off some kind of an alert at at least one of these places.
Maybe at some big companies, but not anywhere I've worked. I hardly know anyone who audits outgoing traffic with dedicated hardware.
I wonder if there is some magical market cap boundary beyond which companies stop being grossly negligent. We know it's over 200B as Intel somehow never bothered fixing their products for decades, let's hope five times that is big enough.
The original article specifically says that they saw odd network behavior and issues with the firmware. If this is all true (?), that's a piece of how they found it.
Not to mention, if this hardware had been trying to phone home, it's safe to assume it would have set off some kind of an alert at at least one of these places.