Apple CEO Tim Cook Calls on Bloomberg to Retract Supply Chain Hack Story: 'There's No Truth to This'

[826317]

If their claims were true why would they not hire a bunch of engineers to go through motherboards to actually find these chips? The thing that struck me as a software developer is the lack of information about what kind of software this chip contained to be able to modify a system in such a way to turn it into a spying machine.

 

[SactoGuy18]

The whole story sounded fishy to start with when people started to ask questions about the veracity of it in the first place.

 

[joueboy]

What would happen if it wasn't? Not saying its real but saying WHAT IF...? Something is definitely fishy here but which side it is will only be known in about 10-20 years

All Tim is thinking right now is to keep Apple from getting hurt financially. If it's true he's gonna deny it anyway, if it's false then he has to do action not to further damage the company's image. But Timmy always works for the best interest of China as long as Apple made their products and components there. You don't want to create enemy against the Chinese corrupt government.

 

[haruhiko]

I personally am in agreement with the speculation that the Administration wanted to generate "outrage" against China to support the sanctions they have instituted and certain sources within the National Security echelons were tasked with spreading vague insinuations about Chinese espionage against US companies.

Bloomberg had no reason to doubt these sources, but with no solid statements to what said Chinese espionage was, they contacted various Information Security professionals, one who commented on the specific "hardware hack". Bloomberg then went back to these sources and asked if this was what they were talking about and they went "yes" even though they had no real idea - they were just pushing an agenda from on-high. So Bloomberg ran with it, presuming it to be confirmed as true when it in fact was not.




Tim doesn't even have to admit it is true - he can claim "no comment on national security grounds". He did so before about the NSA's PRISM program that Apple was required to provide iCloud-sourced information to (under legal warrant), but was prevented from commenting on by government decree.

Exactly. This is, as I've said, a distraction from the administration or people close to the administration, for Russia.

 

[NT1440]

Take a look at your MacBook’s motherboard. Now try to add a working uC with minimum core functionality, sufficient amount of on chip memory and network access with only 6 Pins without altering the motherboard so it could stay undiscovered. This is simply not possible today and surely wasn’t 4 to 6 years ago.
This hack doesn’t work without Supermicro being involved and knowing about it beforehand. And there are lots of People to be silenced afterwards that it would again be hard to keep it secret.
This is a dumb story to disparage the Chinese for some (political?) reason.

If it would be possible why stop with Supermicro? And while we are at that, Mobilephones would make a way better target.

I’ve been through this way earlier in the thread. I don’t buy this story at all, I was having some fun with the surveillance state being the point of the joke.

 

[merkinmuffley]

If this were true, I believe it would impact the stock price. How much of Cook’s compensation is tied to the share price of Apple stock?

 

[jona2125]

Take a look at your MacBook’s motherboard. Now try to add a working uC with minimum core functionality, sufficient amount of on chip memory and network access with only 6 Pins without altering the motherboard so it could stay undiscovered. This is simply not possible today and surely wasn’t 4 to 6 years ago.
This hack doesn’t work without Supermicro being involved and knowing about it beforehand. And there are lots of People to be silenced afterwards that it would again be hard to keep it secret.
This is a dumb story to disparage the Chinese for some (political?) reason.

If it would be possible why stop with Supermicro? And while we are at that, Mobilephones would make a way better target.

Well I'm definitely not an expert on this but a lot of the talk has been based around the BMC (low technical effort required to intercept and modify data of it on a physical level), a 6-pin chip hijacking SPI, or an 8 pin chip hijacking QSPI. SuperMicro in the past has had issues maintaining security of the BMC alone, back in 2014 you didn't even need physical access to obtain admin passwords through the BMC, you could ping a port and get into it and it would spit out plain text passwords. Last year stories existed about Apple and SuperMicro but were about firmware that was modified which very well could achieve the necessary modifications to allow external BMC control of a server. Apple denied it then saying it didn't have ANY servers affected. Now this year they have said that they did find ONE server with an issue in their statements about this "spy chip". Granted a lot of things are still far fetched but it's not totally impossible even then.

 

[marine0816]

That's why I love our president Donald Trump. He makes it so easy to call out fake news when you see it.

 

[alphaod]

To expect Bloomberg to retract would lead to a ton of problems at this point. I would imagine they would get sued by all these companies mentioned not to mention huge penalties for stock price manipulation, not to mention how many people would now question the reputation of their other products especially that rip off called the Bloomberg Terminal.

 

[WatchFromAfar]

Take a look at your MacBook’s motherboard. Now try to add a working uC with minimum core functionality, sufficient amount of on chip memory and network access with only 6 Pins without altering the motherboard so it could stay undiscovered. This is simply not possible today and surely wasn’t 4 to 6 years ago.
This hack doesn’t work without Supermicro being involved and knowing about it beforehand. And there are lots of People to be silenced afterwards that it would again be hard to keep it secret.
This is a dumb story to disparage the Chinese for some (political?) reason.

If it would be possible why stop with Supermicro? And while we are at that, Mobilephones would make a way better target.

Why are you you talking about personnel computers like a Macbook? The problem is these chips were inserted (either at the point of Supermicro's production or after they left the factory) into servers which Apple uses. You can look at a Macbook motherboard until the cows come home.

 

[Akrapovic]

Why are you you talking about personnel computers like a Macbook? The problem is these chips were inserted (either at the point of Supermicro's production or after they left the factory) into servers which Apple uses. You can look at a Macbook motherboard until the cows come home.

He's not saying they were on Macbook logic boards. He's saying to look at it as an example of a board and try to work it out. Being more literally and saying "Go walk into an Apple data centre, try not to get spotted, sneak into a server room and dismantle a server without anyone noticing, and then try to work out how it could be done", doesn't really work.
[doublepost=1540048183][/doublepost]

Are you saying Bloomberg are straight up lying? (despite working on the story for 18 months)? Are you saying the 17 sources Bloomberg got information independently from don't exist? These 17 people just happened to make up the same story without knowing about anyone else? or do you tow the company line "nothing to see here, oh look at the iPhone Xr"

If they are straight up lying, doesn't that including working on the story for 18 months and the 17 independent sources? If they are lying, don't you just make up the time frame and number of sources? According to Tim, the story Bloomberg told them didn't even stay the same each time they spoke, nevermind stayed the same through 17 sources.

 

[WatchFromAfar]

If they are straight up lying, doesn't that including working on the story for 18 months and the 17 independent sources? If they are lying, don't you just make up the time frame and number of sources? According to Tim, the story Bloomberg told them didn't even stay the same each time they spoke, nevermind stayed the same through 17 sources.

So for this version of events to be true Bloomberg has to make-up the people working on the story for 18 months, total fake people conjured out of thin air because if they were real and Bloomberg was lying wouldn't these people be doing something else that we can point to over the last 18 months instead of this "fake news" story?

 

[Akrapovic]

So for this version of events to be true Bloomberg has to make-up the people working on the story for 18 months, total fake people conjured out of thin air because if they were real and Bloomberg was lying wouldn't these people be doing something else that we can point to over the last 18 months instead of this "fake news" story?

I'm not saying you're wrong, I'm saying if you're lying then turns out you don't need proof. If you're going to the lengths of making up a massive story that claims that Apple and Amazon are victims of state-sponsored hacking during manufacturing, then adding on a few fake witnesses and saying it took you 18 months is not that hard.

I've got a story for you. North Korea is software hacking Android phones. I've been working on this for 60 YEARS and I have John Smith plus 70 others who confirm it. The problem is, whenever I talk to Google about it, they have an answer to all of my points. And even worse, I don't actually have any evidence of this happening either! I only have my witnesses (who are all totally real), and my word that I've been working on this for 6 decades.

The details of time and witnesses are so spectacularly unimportant compared to evidence that it doesn't matter.

If it's all true and Bloomberg are correct, then you actually need evidence in some form - hardware in your hand, or software logs, etc. The details of witnesses and time are irrelevant without evidence of something going on.

If the Bloomberg reports are not correct, then the details of witnesses and time are still irrelevant, because that's not the story.

Basically, saying "I've been working on this for a long time, and Bobby agrees with me" isn't proof of anything. It lends some support to it, but it doesn't actually mean anything until something is found.

 

[WatchFromAfar]

I'm not saying you're wrong, I'm saying if you're lying then turns out you don't need proof. If you're going to the lengths of making up a massive story that claims that Apple and Amazon are victims of state-sponsored hacking during manufacturing, then adding on a few fake witnesses and saying it took you 18 months is not that hard.

I've got a story for you. North Korea is software hacking Android phones. I've been working on this for 60 YEARS and I have John Smith plus 70 others who confirm it. The problem is, whenever I talk to Google about it, they have an answer to all of my points. And even worse, I don't actually have any evidence of this happening either! I only have my witnesses (who are all totally real), and my word that I've been working on this for 6 decades.

The details of time and witnesses are so spectacularly unimportant compared to evidence that it doesn't matter.

If it's all true and Bloomberg are correct, then you actually need evidence in some form - hardware in your hand, or software logs, etc. The details of witnesses and time are irrelevant without evidence of something going on.

If the Bloomberg reports are not correct, then the details of witnesses and time are still irrelevant, because that's not the story.

Basically, saying "I've been working on this for a long time, and Bobby agrees with me" isn't proof of anything. It lends some support to it, but it doesn't actually mean anything until something is found.

Great post by the way. It still comes down to people saying the story is fake so Bloomberg have to prove their innocence. Can people not comprehend that Bloomberg may be telling the truth and are unwilling/unable to name sources but that doesn't mean the story isn't true? Proving innocence, nobody wants to go there.

 

[Akrapovic]

Great post by the way. It still comes down to people saying the story is fake so Bloomberg have to prove their innocence. Can people not comprehend that Bloomberg may be telling the truth and are unwilling/unable to name sources but that doesn't mean the story isn't true? Proving innocence, nobody wants to go there.

But Bloomberg are the ones making the claims. They aren't being asked to prove they are innocent, they are being asked for backup to the claims they make. And that is where everybody wants to go. You do not and should accept that an accusation is correct without evidence. Currently we have unnamed witnesses (and no evidence they exist), a time frame of 18 months, and a story, and literally nothing else. All that's being asked is Bloomberg proove these accusations somehow. They are not being accused and asked to prove innocents - they are accusing and being asked for evidence to back up the accusation.

Normally, any sort of accusation isn't that big a deal. But this one is so absolutely massive that it had the ability to disrupt the markets. Super Micros stock price went from $21 to $14. It wiped billions off the company and cost a lot of people a lot of money. If it isn't true, what Bloomberg are doing is stock manipulation on a scale than even Elon Musk is jealous of. That is why they are the ones who need to back up their claims - because right now they have absolutely nothing.

Bloomberg could well be telling the truth. But right now, there is no evidence of it other than taking their word. And that just doesn't cut it, unfortunately. The real cat among the pigeons is if someone does find one of these chips. Then that's when things switch around pretty quickly. I imagine Tim Cook would be resigning at that point. But as it currently stands, all we have is Bloombergs word that it's true, and that doesn't cut it.

 

[Tigger11]

Two scenarios here.
1) Bloomberg is right, Chinese are smart and Apple & FBI couldn't find the chip.
2) Bloomberg is wrong.

Can't prove conclusively at this point which option is correct.

This is why people should read the article. Bloomberg says that Apple and Amazon found the chips themselves. So if #1 were true, Bloomberg would be wrong, so your options are that Bloomberg is wrong, or Bloomberg is wrong, that is the issue. Everyone is coming up with scenario's (as you did) that are contrary to the article written by Bloomberg, what if Apple didnt know, what if Amazon didnt know. The article says they did know, so all the statements made by Apple and Amazon are lies or Bloomberg article is made up, since if the statements of apple are lies there are huge fines from the SEC and Bezos and Tim would be removed from their companies board of directors, vs if Bloomberg lies basically nothing happens, I'm going with Bloomberg lying here, especially since they don't have a board despite telling us there are 10-20K of them.
-Tig

 

[FloatingBones]

I would guess it has to do with customer privacy and customer trust, where if Apple was the victim of a malicious actor like this and then covered it up, customer data could have been stolen without acknowledgment.

Of course. Presuming TC is being truthful, it makes perfect sense to escalate this issue. Apple wins when the public becomes educated about privacy violations -- and when they are not happening.

That Bloomberg refuses to stand down is a pretty serious statement from that news organization. I’ve worked with their reporters before and they are professionals.

Agreed. Mark Milian of Bloomberg was on the latest episode of TWiT, and he was quite professional.

IMO, the one real sloppiness was showing an image of a chip that has never been found on any motherboard -- and with no disclaimer in the image noting that exaggeration/extrapolation.

So I am surprised by this situation where Apple has ratchets it up as far as it can go and Bloomberg has not backed down or released additional information to support the claim.

Except that APPL hasn't gone as far as they could go. They could file one or more lawsuits.

--phil

 

[WatchFromAfar]

Two scenarios here.
1) Bloomberg is right, Chinese are smart and Apple & FBI couldn't find the chip.
2) Bloomberg is wrong.

Can't prove conclusively at this point which option is correct.

What about a third scenario? US authorities placed these chips knowing they were going to US companies (Apple, Amazon etc) to spy on their own citizens?

 

[truthertech]

If someone wrote some false things about my company, I would be suing, not asking politely for a retraction.

Why is Tim afraid to sue?

That's why it's good you don't own your own company. You'd spend years of your life and lots of money suing people for things you can't win instead of spending time on making money. Please do a web search on 1st Amendment law and suing the press.

 

[Akrapovic]

if Bloomberg lies basically nothing happens

You can't wipe billions off of the stock of a company and make these claims and expect nothing to happen. And then would come the legal action from any Apple or Amazon shareholder who even lost a dollar. And if it's proven they were wrong, it has knock-on effects for their future. Next big story Bloomgberg break will be "...yeah, remember those chips? Typical Bloomberg this one."

What about a third scenario? US authorities placed these chips knowing they were going to US companies (Apple, Amazon etc) to spy on their own citizens?

I love a good conspiracy

 

[truthertech]

People who don't understand how Bloomberg could be wrong with "17 sources," don't understand how this works. What Bloomberg isn't disclosing is what each source actually is telling them, so many readers assume 17 different FIRST HAND sources independently corroborated this story. What likely happened is that the reporters had coffee with someone they knew in industry and government and told them they knew that there had been a plot to plant these chips. Their sources, not wanting to admit they weren't important enough to be in a position to know such things and having read or heard about Apple's own report of a single Supermicro server having an issue a few years back, "corroborate" the story.

This is the problem known as "self-corroboration." Bloomberg reporters have a source they kind of know that they bring a story to and this source "corroborates" the story. Notice that none of the sources revealed intimate details or any details that could be verified, OTHER THAN BY REPORTERS TALKING TO OTHER SOURCES. Notice, that although this scheme as described would have resulted in a thousands of servers having this chip, not a single one was found by Bloomberg in three years.

 

[WatchFromAfar]

People who don't understand how Bloomberg could be wrong with "17 sources," don't understand how this works. What Bloomberg isn't disclosing is what each source actually is telling them, so many readers assume 17 different FIRST HAND sources independently corroborated this story. What likely happened is that the reporters had coffee with someone they knew in industry and government and told them they knew that there had been a plot to plant these chips. Their sources, not wanting to admit they weren't important enough to be in a position to know such things and having read or heard about Apple's own report of a single Supermicro server having an issue a few years back, "corroborate" the story.

This is the problem known as "self-corroboration." Bloomberg reporters have a source they kind of know that they bring a story to and this source "corroborates" the story. Notice that none of the sources revealed intimate details or any details that could be verified, OTHER THAN BY REPORTERS TALKING TO OTHER SOURCES. Notice, that although this scheme as described would have resulted in a thousands of servers having this chip, not a single one was found by Bloomberg in three years.

While what you say is true, no-one can argue with it, if you are suggesting we live in a World where the free-press has to provide sources that can be fact checked then all off a sudden we live in a a world without anonymous whistle blowers, is that what you want?

 

[citysnaps]

Great post by the way. It still comes down to people saying the story is fake so Bloomberg have to prove their innocence. Can people not comprehend that Bloomberg may be telling the truth and are unwilling/unable to name sources but that doesn't mean the story isn't true? Proving innocence, nobody wants to go there.

No. Bloomberg made extraordinarily serious allegations against Apple.

It is up Bloomberg to put forward proof in the form of evidence and witnesses to back up their extraordinary claims.

In the United States, if you are arrested and charged with a crime, the government has the burden of producing proof, revealing evidence and witnesses, that can be examined and questioned by you or your attorney, to back up their allegations.

While this is not (on the surface) a criminal prosecution, Bloomberg should nevertheless still have that same burden producing evidence and witnesses to back up their assertions.

Until that happens, I'm presuming the allegations against Apple are false.

 

[Jimmy Bubbles]

I bet Tim has “curated” this story smooth off the News app.

 

[WatchFromAfar]

No. Bloomberg made extraordinarily serious allegations against Apple.

It is up Bloomberg to put forward proof in the form of evidence and witnesses to back up their extraordinary claims.

In the United States, if you are arrested and charged with a crime, the government has the burden of producing proof, revealing evidence and witnesses to back up their allegations.

While this is not (on the surface) a criminal prosecution, Bloomberg should nevertheless still have that same burden producing evidence and witnesses to back up their assertions.

Until that happens, I'm presuming the allegations against Apple are false.

But Bloomberg does not need to go about "producing evidence and witnesses to back up their assertions". They researched a story (we can go back and forth all day about whether you believe it or not) and presented their findings to the public. Bloomberg isn't going after Apple for a crime. They published a story and left it up to the public to draw their own conclusions.