The fallout from an alleged widespread hack of major tech firms has reached the U.S. telecommunications market. Following Bloomberg’s blockbuster report last week that detailed how China’s intelligence services planted malicious chips in server motherboards used in data centers operated by Apple, Amazon and many others, a security expert has come forward alleging that a major U.S. telecommunications company discovered manipulated hardware in its network and removed it in August.
Yossi Appleboum, a former Israeli intelligence officer and co-CEO of Sepio Systems, told Bloomberg that his firm was hired to “scan several large data centers belonging to the telecommunications company.” Bloomberg declined to name the company because of a nondisclosure agreement between Appleboum and the telecom company in question. The implant was discovered on an Ethernet connector used on a motherboard developed by Supermicro, according to Bloomberg.
The computer and infrastructure vendor strongly refuted the latest claims. “We still have no knowledge of any unauthorized components and have not been informed by any customer that such components have been found,” the company wrote in response to Bloomberg’s reporting.
While the alleged manipulation of components used by a U.S. telecom company differs from the more widespread hack alleged to have hit Apple, Amazon and other major U.S.-based tech firms, the characteristics of the hack are similar. According to Bloomberg, the intent of the implant is to “give attackers invisible access to data on a computer network in which the server is installed” and the alterations were allegedly made at the same factory used by a Supermicro subcontractor in China.
Apple and Amazon refuted the original claims, and the four biggest U.S. telecom operators in the U.S.—AT&T, Verizon, Sprint and T-Mobile—have also denied the latest hack allegations, according to Motherboard.
If the allegations are true, the chip may need to be extracted or rendered inoperable, said Bill Ho, founder and principal analyst at 556 Ventures. “If these servers are widespread within the telecom provider, it could be a risk assessment on their part,” wherein the affected company would have to remove the implant or take down the server entirely.
Moreover, any services running on those servers would need to be switched over to nonaffected servers with the same supposed security level, Ho added: “The overarching issue in the tech community will be how closely they are looking at hardware hacks.”
The industry is more accustomed to dealing with hacks that originate in software, but because this alleged hack began in China, it will “bring up and possibly reaffirm the distrust of Huawei and ZTE vendors in telecom, even though the servers are more IT focused,” Ho said.
“The Pavlovian reaction is clearly more oversight from regulators and politicians,” he said. “But if this is framed and proven as a dire national security issue then there will invariably be higher scrutiny.”
Indeed, Sen. John Thune of South Dakota, the top Republican on the Senate Commerce Committee, has already requested staff briefings from Apple, Amazon and Supermicro to respond and provide details about their investigations of the alleged hack by the end of this week, according to Reuters. “Allegations that the U.S. hardware supply chain has been purposely tampered with by a foreign power must be taken seriously,” he wrote.