Report: Super Micro Dropping China-Made Components After Backdoor Reports

(Image credit: Shutterstock)

According to a report by the Nikkei Asian Review this week, Super Micro has told its suppliers to move production out of China, after its U.S.-based customers started becoming concerned about Chinese espionage. In December, Bloomberg reported that Super Micro chips came with Chinese backdoors and that that was the reason Apple ended its contract with Super Micro.

Backdoor Allegations Impact Super Micro Sales

Super Micro is the third-largest maker of servers, following HP and Dell, with 60% of its sales coming from U.S. customers. However, after allegations that its servers’ motherboards were shipping with Chinese backdoors, the sales dropped significantly. Super Micro now risks losing its third spot in the market to Amazon, Betty Shyu, a server analyst at Digitimes, told Nikeei Asian Review. 

Super Micro's motherboard suppliers include Taiwan's Wistron, a small iPhone assembler, Pegatron, Universal Scientific Industrial, Taiwan's Orient Semiconductor Electronics, as well as its own Taiwanese subsidiary Compuware Technology.

Super Micro had already started shifting its motherboard production from China to Taiwan’s Orient Semiconductor Electronics once the trade dispute between the U.S. and China grew worse in Q4 2018, the publication's source said. The backdoor allegations only accelerated the shift.

Companies Shift Production Out Of China

In 2017, more than 90% of motherboards were being built in China. Since then, multiple manufacturers have started to move production out of China, and in 2018 less than 50% of motherboards were built there, according to Digitimes Research data Nikkei Asian Review cited. 

Super Micro has mirrored this trend, and the company now also reportedly makes less than 50% of servers in China. It also plans to increase the in-house server production in the future to eliminate any perceived risk. Right now, the company mostly assembles the server components in-house, but the parts themselves are outsourced to other suppliers who have typically manufactured them in China.

Bloomberg’s Backdoor Report

Bloomberg report said that sources showed it documents and other evidence that Chinese hackers had infiltrated Super Micro’s motherboards via hardware-level backdoors. According to Bloomberg, the Chinese hack was affecting over 30 U.S. companies, including Apple and Amazon, who were Super Micro’s customers.

Apple and Amazon both denied the allegations that their Super Micro servers were ever hacked soon after the report came out. However, in 2017 The Information reported that in 2016 Apple’s Super Micro servers were updated with malicious firmware taken directly from Super Micro’s support site. The malware seemingly infected Apple’s App Store server environment, as well as the company's design lab.

Apple denied reports that it ended its contract with Super Micro over this incident and returned all the Super Micro servers it had purchased prior to the incident.

In the same report, Bloomberg also said Amazon found a tiny chip in the Super Micro servers used by a company Amazon acquired in 2015, Elemental. Bloomberg said Amazon reported the potentially malicious chip to U.S. investigators, which seem to have discovered that it was developed by operatives from China’s People’s Liberation Army. However, U.S. authorities denied the existence of this investigation.

Whether the embedded Chinese chip in Super Micro motherboards was real or not, it seems clear that the backdoor report has negatively affected both the confidence customers have in Super Micro, as well as Super Micro’s sales. The company may attempt to fix this by moving production outside of China, but winning trust back will likely not be easy.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • AllanGH
    Yeah....it was a matter of time.

    This issue was raised a few years ago as a possibility, since China is so very friendly (not) with Western nations.
    Reply
  • Griffincash
    This is fake news and you know it. There was never any remote device inside of a supermicro server that wasn't meant to be there. Some dumbass didn't know what IPKVM was.
    Reply
  • littleleo
    China has stolen more tech then it has developed. If you don't know that then this is a surprise to you. however if you had to deal with China in business you know that it is true.
    Reply
  • AllanGH
    Griffincash said:
    This is fake news and you know it.

    It is a news story. Whether the claims are baseless or not, it is still what is relevant to our society. So, let's not go down the mentally challenged rabbit hole of screaming "FAKE NEWS!" at something that may be controversial to you.

    After so many years of being subjected to that BS line, I am sick to my eyeballs of hearing and seeing "FAKE NEWS!" ignorantly thrown-around with total disregard to the subject matter of the story published.

    Particularly by somebody who appears to have only signed up to make the claim.
    Reply
  • Griffincash
    AllanGH said:
    It is a news story. Whether the claims are baseless or not, it is still what is relevant to our society. So, let's not go down the mentally challenged rabbit hole of screaming "FAKE NEWS!" at something that may be controversial to you.

    After so many years of being subjected to that BS line, I am sick to my eyeballs of hearing and seeing "FAKE NEWS!" ignorantly thrown-around with total disregard to the subject matter of the story published.

    Particularly by somebody who appears to have only signed up to make the claim.

    I'm sick of bloggers acting like journalist. Make the headline something factual AND related to the article. They did not make these changes based on that reports; there is zero evidence of such. The news is "supermicro is dropping Chinese suppliers", the fake part is where they tied it to the backdoor bullcrap.
    Reply
  • AllanGH
    Griffincash said:
    I'm sick of bloggers acting like journalist.

    Um-hmmm....and, as a professional tech journalist, with direct contact with this segment of the industry, I'm sure that offends you greatly, doesn't it?

    I offer you my sincerest sympathies.

    Nonetheless, we have no evidence one way or the other, at the moment; so, we will have to content ourselves with the fact that a large corporation has announced that it is dropping contracts with Chinese suppliers (a major move), and have stated a reason for this action.....and you are calling it BS.

    Время разъясняет правду.
    Reply
  • Griffincash
    Dude. I agree with almost everything you've said. My point is they didn't report all the new information available regarding that Bloomberg article. It was a click bait headline that didn't need to be. The real news in the article will be overshadowed by some shit that didn't happen.
    Reply
  • AllanGH
    Again, facts don't hide for very long.

    I have dealt with China extensively and understand the politics, governance, and culture. The motivation and means do exist to have those kinds of external resources available to the Chinese.

    It remains to be seen if the government of China has been wiling to take the steps to take advantage of many such opportunities.
    Reply
  • DalaiLamar
    There was an investigation into the allegations after denials from Apple and Supermicro and they found nothing to back them up. This is fake news.
    Reply
  • AllanGH
    Perhaps....but I am on the road, traveling between Los Angeles, and San Bernardino, and I'll research the issue myself....later. I am not persuaded by what appear to be specious arguments by somebody who gives the appearance of emotional investment in convincing me of his own point of view.
    Reply