The NSA may have played a part in loading spy software onto hard drives last year

Apple suspects server tampering during shipping

Apple is concerned that third parties are intercepting the hardware it uses for its servers during shipping and adding additional chips and firmware in order to spy on the data they store, according to a report from The Information.

Apple is reportedly building its own cloud infrastructure called Project McQueen, which includes servers and networking equipment, partly because of these security concerns states The Information (paywall). 

The technology giant is also looking to move its cloud services in the interim from Amazon Web Services to Google’s Cloud Platform. The shift will see Google running much of Apple’s iCloud services in a deal worth between $400m (£283m) and $600m.

But the move could be merely a stopgap for Apple while it builds its own systems and networking architecture so that it can take full control over these services.

“At least part of the driver for this is to ensure that the servers are secure,” The Information claims.

“Apple has long suspected that servers it ordered from the traditional supply chain were intercepted during shipping, with additional chips and firmware added to them by unknown third parties in order to make them vulnerable to infiltration.

“At one point, Apple even assigned people to take photographs of motherboards and annotate the function of each chip, explaining why it was supposed to be there. Building its own servers with motherboards it designed would be the most surefire way for Apple to prevent unauthorised snooping via extra chips.”

Last year, the Moscow-based cyber-security company Kaspersky indicated that it had discovered spying software that lay deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers that would allow its creator to eavesdrop on the majority of the world’s computers undetected.

Although the security lab declined to publicly name the country behind the software, it indicated that it was closely linked to Stuxnet, the NSA-led cyber-weapon, pointing the finger at the US intelligence-gathering agency.

NSA’s involvement in infiltrating Apple’s hardware is unproven, although carrying out such an endeavour without backing from a significant body, such as a nation state, would prove extremely difficult.

Apple’s stance on privacy has become a major legal issue in recent months as it battles the FBI in court over its refusal to unlock the iPhone of one of the shooters involved in the December 2015 San Bernardino massacre.

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them