Experts point out that 'Supermicro's spy chip allegation' should not be regarded as a problem only for Supermicro



Since Bloomberg reported the shocking scoop that spy chips intended to steal data were planted in Supermicro servers during manufacturing in China, with suspected involvement of the People's Liberation Army, the report has been widely debated, and opinions remain divided. Meanwhile, a security expert quoted in a Bloomberg article has sounded the alarm, saying, "It is dangerous to see this problem as 'Supermicro's problem.'"

Yossi Appleboum Disagrees with How Bloomberg is Positioning His Research Against Supermicro
https://www.servethehome.com/yossi-appleboum-disagrees-bloomberg-is-positioning-his-research-against-supermicro/

Patrick Kennedy, who runs the server information site STH, published an opinion immediately after Bloomberg's report on the Supermicro case, saying that "there is doubt about the content of the article from a technical point of view," and pointed out that stock price speculation might lie behind it. Mr. Kennedy's points are appended at the end of the following article.

Bloomberg reports that an operational unit of the Chinese People's Liberation Army planted data-stealing chips in Apple and Amazon servers; Apple and Amazon completely deny it - GIGAZINE



Mr. Kennedy held a telephone conference with Yossi Appleboum, CEO of Sepio Systems, whose statements were cited in another hardware hacking report published by Bloomberg. He asked for Appleboum's opinion on Bloomberg's series of Supermicro reports and discussed the hardware hacking problem with him.

First of all, Mr. Kennedy asked, "Isn't hardware hacking, in which a chip is attached to the motherboard at the manufacturing stage, a problem that is not limited to Supermicro?" Appleboum replied, "I have found it (hardware hacking) at various vendors. It is not limited to Supermicro, and hardware hacking is not limited to server equipment; it is done through many different interfaces. Although it depends on the network, I am talking about a bigger issue, and it is something that has to be considered even for the main products of America." In other words, the recent uproar should not be taken as a problem limited to Supermicro.

On that basis, Appleboum stated that people think about the "supply chain" too narrowly. Because a wider range of people is involved, not only manufacturing companies but also developers, technicians and users, he said the supply chain should be considered broadly.




Appleboum also thinks that "many companies should doubt the hardware as well as the software." He says the current situation, in which $10 billion (about 1 trillion yen) is spent on software attacks while no money is spent on hardware attacks, is irresponsible and must change.

CEO Appleboum criticizes most of the reports covering this issue, beginning with Bloomberg's coverage, for focusing on "What happened to Supermicro?" and "What did Amazon know and what did it not know?" while lacking the awareness that this is a global problem affecting everyone. According to CEO Appleboum, this is not a problem that ends with making Supermicro the scapegoat; it is a world-level problem that has to be solved.

In conclusion, Appleboum says, "I think Supermicro is innocent. I think that someone is using Supermicro to 'dilute' the problem rather than relieving the real threat. It should be understood that it is much bigger than you think. Catching this as Supermicro's problem will make you lose the opportunity to face the right problem to be corrected."


Even after the telephone conversation with CEO Appleboum, Kennedy has not changed his view that Bloomberg's article is problematic, not only because its technical content is poor but also because it takes a one-sided view of the problems that occurred at Supermicro. However, Mr. Kennedy believes that the Bloomberg article was of great significance, as it prompted recognition of attacks on hardware, beyond what had been considered before, as a general problem.

in Hardware, Security, Posted by darkhorse_log