Much Ado About Nothing
It was back in October of 2018 that Bloomberg posted a story which garnered a huge amount of attention, reporting “that some motherboards made by Supermicro had malicious components on them”. A number of accusations followed the headlines but proof was hard to find; enough so that no one could contradict Apple, Amazon nor SuperMicro’s denials, even after six months. The closest we have come was an experiment done by security expert Trammell Hudson, who showed that it was possible to physically replace a resistor with a component which would theoretically allow you to remotely control the baseboard management controller. That component was not installed on the boards that various companies looked at, and SuperMicro dif not have any records of this component in their inventory.
As Hackaday points out, this would not be the first time that counterfeit or malicious components were inserted into computer components at some point in the supply chain but as of now none have been spotted in the wild. If you are interested in more details on what has been found over the past six months, as well as a quick look at the more recent issues with Huawei you should spend some time on their article and associated links.
Something is up and the story isn’t over. We still haven’t seen the smoking gun Bloomberg claimed with Supermicro, but they haven’t retracted, either. Supermicro is on the mend after all this, and they are among many in an exodus from the security risk of manufacturing in China.