Apple and Amazon deny China hack claims Published duration 5 October 2018

image copyright Reuters

A report alleging that Apple and Amazon had data stolen by Chinese spies has been strongly disputed by both tech firms.

Apple and Amazon have both responded publicly to claims made by Bloomberg Businessweek which described the cyber-attack.

The UK's National Cyber Security Centre (NCSC) said it had "no reason to doubt" Apple and Amazon's assessments.

Bloomberg has yet to respond to a BBC request for a comment about the repeated denials from Apple and others.

image copyright Apple image caption Apple was blunt in its response to Bloomberg Businessweek's story

Earlier it said: "We stand by our story and are confident in our reporting and sources."

Full disclosure

Published on 4 October, Bloomberg's story alleges that Chinese spies managed to insert chips on servers made in China that could be activated once the machines were plugged in overseas. The servers were manufactured for US firm Super Micro Computer Inc.

Shares in Chinese tech firms including Lenovo and ZTE fell sharply following the publication of the Bloomberg report.

The news agency's story, which Bloomberg said resulted from a 12-month investigation, relied on unnamed and unidentified sources which, it said, included insiders at both Amazon and Apple.

Bloomberg linked to the denials given to it by the tech firms and Super Micro Computer when it approached them with its evidence.

image copyright Reuters image caption Amazon disputed the findings reported in the spy chip story

Now Apple has published its statement in full on its media site saying it had "repeatedly explained" to Bloomberg reporters that they were wrong.

Apple said it had conducted "rigorous internal investigations" based on the evidence given to it by Bloomberg reporters and had found "absolutely no evidence" to support their claims.

It said: "On this we can be very clear: Apple has never found malicious chips, 'hardware manipulations' or vulnerabilities purposely planted in any server."

It added that it was not operating under any "gag order" or any other confidentiality restriction that stopped it sharing information.

Amazon published a blog that also said the spy chip story was "untrue" saying it had never found "modified hardware or malicious chips" on its systems.

The NCSC responded to questions about the alleged spy chip attack by saying it was aware of media reports but had "no reason to doubt the detailed assessments made by AWS (Amazon Web Services) and Apple".

It urged anyone with "credible intelligence" about the allegations to get in touch.