Security researcher named in China spy chip story voices doubts


One of the sources named in Bloomberg's recent report on alleged Chinese spy chips in motherboards used by Apple and other companies has cast doubt on the story.

Speaking on a podcast published this week, security researcher Joe Fitzpatrick said that the hardware implant approach described “doesn’t make sense.”

He noted that:

“Spreading hardware fear, uncertainty and doubt is entirely in my financial gain, but it doesn’t make sense because there are so many easier ways to do this. There are so many easier hardware ways, there are software, there are firmware approaches. The approach you are describing is not scalable. It’s not logical. It’s not how I would do it. Or how anyone I know would do it.”

The Bloomberg Businessweek article, published last week, claims that tiny spy chips were inserted into the motherboards used by dozens of companies, including Amazon and Apple. Amazon has blasted the story as full of inaccuracies, while Apple has also denied it and even written a letter to Congress to say as much. Both have been backed up by British and U.S. intelligence, who say they have no reason to doubt the denials.

Speaking on the Risky Business security podcast, Fitzpatrick voiced skepticism that a theoretical proof-of-concept hack he demonstrated at the Black Hat 2016 conference would be exactly the approach reported in the Bloomberg story, despite there being plenty of other, more straightforward ways of carrying out a hack.

“It was surprising to me that in a scenario where I would describe these things and then he would go and confirm these and 100% of what I described was confirmed by sources,” he said. One of the journalists who wrote the article reportedly said that while it “sounded crazy,” this is exactly what had been reported to them by “lots of sources.”

“I have the expertise to look at the technical details and I have the knowledge to look at the technical details and see that they’re jumbled,” Fitzpatrick said. “They’re not outright wrong, but they are theoretical. I don’t have the knowledge to know the other conversations — the other 17 sources and what they said, but I can infer — based on the technical side of things — that the non-technical side of things may be jumbled the same way.”

While it would be foolish to dismiss the Bloomberg article altogether, right now it certainly seems like the publication needs to come forward and reveal more details to make its case.

Source: Risky Business

Via: Apple Insider