Back in October Bloomberg released a pair of news articles claiming some motherboards designed by Supermicro but made in China had been compromised with malicious chips that produced backdoors for attack. Today the company has released an open letter to its customers on the results of its investigation that it did with the assistance of a "leading, third-party investigation firm," which is not specified in the letter. A representative sample of motherboards shown in the articles and used by the companies mentioned in the article were examined, along with more recently produced motherboards, and none showed any evidence of any tampering.
Further the letter goes on to share some of the safeguards in place to protect against what the articles claimed, and a video covering these was also shared, and is embedded below. Supermicro states it tests its products at every stage of the process, and each layer of every board is tested. While there are assembly contractors building the boards, there are Supermicro employees onsite for conducting inspections including automated optical, visual, electrical, and functional tests. No single employee, team, or contractor has unrestricted access to complete board designs, and these designs themselves are complex enough to make it very difficult to tamper with, without the aberration being detected, rejecting the board. And finally, the contractors are regularly audited for process, quality, and controls.
In addition to this, it should also be noted that while the Bloomberg article does reference sources, Supermicro unequivocally states it has never been informed of malicious hardware being found on any of its products by governments or customers.
Back to original news post