Sign up for our daily briefing
Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.
Stay on top of the latest market trends
Subscribe to Axios Markets for the latest market trends and economic insights. Sign up for free.
Sports news worthy of your time
Binge on the stats and stories that drive the sports world with Axios Sports. Sign up for free.
Tech news worthy of your time
Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.
Get the inside stories
Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Want a daily digest of the top Denver news?
Get a daily digest of the most important stories affecting your hometown with Axios Denver
Want a daily digest of the top Des Moines news?
Get a daily digest of the most important stories affecting your hometown with Axios Des Moines
Want a daily digest of the top Twin Cities news?
Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities
Want a daily digest of the top Tampa Bay news?
Get a daily digest of the most important stories affecting your hometown with Axios Tampa Bay
Want a daily digest of the top Charlotte news?
Get a daily digest of the most important stories affecting your hometown with Axios Charlotte
Photo: Guirong Hao via iStock / Getty Images
Following up on its controversial story accusing China of implanting chips into Supermicro server motherboards to spy on companies, Bloomberg now reports that a researcher found a different implant in an unnamed company's Supermicro system.
The details: Yossi Appleboum, co-CEO of Sepio Systems, claims to have found a hardware implant in the "ethernet connector" of a telecom company's Supermicro motherboard in August. He could not reveal to Bloomberg what company he found the implant in due to a non-disclosure agreement.
The backdrop: Bloomberg's first story took flack after Homeland Security, the British cybersecurity agency NCSC, and the companies it named — Supermicro, Apple and Amazon — all denied the story.
What the new story means: The latest story provides a new data point that Supermicro systems were involved in espionage. That provides some general support for the first story.
- It does not show evidence the implant in the first story existed, or that any of the narratives arround Apple and Amazon discovering that first implant in the first story were true.
- The new story is based on the experiences of a single person and the secrecy around the target makes it hard for a third party to verify. "This would makes more sense in firmware than hardware," tweeted former NSA hacker Jake Williams, the founder of Rendition Infosec.
- It matters whether the spying tool is hardware or firmware. Firmware, the code embedded in physical devices, is easier to replace than hardware. And it's more likely that spies could tamper with firmware without the cooperation of a company like Supermicro than that they could slip a chip into the assembly of a motherboard.