Early this month, Bloomberg reported how small "spy chips" were being placed by the Chinese government on motherboards found inside servers used by U.S. tech firms. According to the newswire's sources, one of the companies affected was Apple. But the gang in Cupertino flat out denied that the story was true, stating that Bloomberg was confused. Apple said that in 2016, a single Super Micro server in an Apple lab had an infected driver installed by accident. While Bloomberg continues to believe that its story is accurate, the U.S. government sides with Apple.
This past week, Apple CEO Tim Cook spoke with BuzzFeed about the incident, and the executive is showing some uncharacteristic public anger that he is directing at Bloomberg. The latter claims that Apple discovered some kind of bug planted in a Super Micro server back in 2015, and promptly stopped doing business with the firm. Cook says that the report was based on "vague secondhand accounts" and he told BuzzFeed that "There is no truth in their story about Apple. They (Bloomberg) need to do that right thing and retract it."
For its part, Bloomberg says that it used 17 individual sources for its story, including government employees and insiders at some of the companies named in the article. The news organization says, "We stand by our story and are confident in our reporting and sources."
Speaking of sources, several of the one used by Bloomberg in composing the story now are raising issues about it. One source in particular, hardware security expert Joe Fitzpatrick, told the Risky Business podcast that the story "doesn't make any sense."
Interestingly, one of the two authors sharing a byline on the Bloomberg piece, Michael Riley, was involved in a similar set of circumstances in 2014. That story claimed that the NSA used a flaw then found on many browsers (called Heartbleed) to gather intelligence. Riley's point was that while the U.S. government knew that this bug existed and used it to their advantage, "[m]illions of ordinary users were left vulnerable to attack from other nations' intelligence arms and criminal hackers." The NSA and the New York Times both denied the veracity of the report.