Report: Super Micro Dropping China-Made Components After Backdoor Reports

Credit: ShutterstockCredit: ShutterstockAccording to a report by the Nikkei Asian Review this week, Super Micro has told its suppliers to move production out of China, after its U.S.-based customers started becoming concerned about Chinese espionage. In December, Bloomberg reported that Super Micro chips came with Chinese backdoors and that that was the reason Apple ended its contract with Super Micro.

Backdoor Allegations Impact Super Micro Sales

Super Micro is the third-largest maker of servers, following HP and Dell, with 60% of its sales coming from U.S. customers. However, after allegations that its servers’ motherboards were shipping with Chinese backdoors, the sales dropped significantly. Super Micro now risks losing its third spot in the market to Amazon, Betty Shyu, a server analyst at Digitimes, told Nikeei Asian Review. 

Super Micro's motherboard suppliers include Taiwan's Wistron, a small iPhone assembler, Pegatron, Universal Scientific Industrial, Taiwan's Orient Semiconductor Electronics, as well as its own Taiwanese subsidiary Compuware Technology.

Super Micro had already started shifting its motherboard production from China to Taiwan’s Orient Semiconductor Electronics once the trade dispute between the U.S. and China grew worse in Q4 2018, the publication's source said. The backdoor allegations only accelerated the shift.

Companies Shift Production Out Of China

In 2017, more than 90% of motherboards were being built in China. Since then, multiple manufacturers have started to move production out of China, and in 2018 less than 50% of motherboards were built there, according to Digitimes Research data Nikkei Asian Review cited. 

Super Micro has mirrored this trend, and the company now also reportedly makes less than 50% of servers in China. It also plans to increase the in-house server production in the future to eliminate any perceived risk. Right now, the company mostly assembles the server components in-house, but the parts themselves are outsourced to other suppliers who have typically manufactured them in China.

Bloomberg’s Backdoor Report

Bloomberg report said that sources showed it documents and other evidence that Chinese hackers had infiltrated Super Micro’s motherboards via hardware-level backdoors. According to Bloomberg, the Chinese hack was affecting over 30 U.S. companies, including Apple and Amazon, who were Super Micro’s customers.

Apple and Amazon both denied the allegations that their Super Micro servers were ever hacked soon after the report came out. However, in 2017 The Information reported that in 2016 Apple’s Super Micro servers were updated with malicious firmware taken directly from Super Micro’s support site. The malware seemingly infected Apple’s App Store server environment, as well as the company's design lab.

Apple denied reports that it ended its contract with Super Micro over this incident and returned all the Super Micro servers it had purchased prior to the incident.

In the same report, Bloomberg also said Amazon found a tiny chip in the Super Micro servers used by a company Amazon acquired in 2015, Elemental. Bloomberg said Amazon reported the potentially malicious chip to U.S. investigators, which seem to have discovered that it was developed by operatives from China’s People’s Liberation Army. However, U.S. authorities denied the existence of this investigation.

Whether the embedded Chinese chip in Super Micro motherboards was real or not, it seems clear that the backdoor report has negatively affected both the confidence customers have in Super Micro, as well as Super Micro’s sales. The company may attempt to fix this by moving production outside of China, but winning trust back will likely not be easy.

    Your comment
  • AllanGH was a matter of time.

    This issue was raised a few years ago as a possibility, since China is so very friendly (not) with Western nations.
  • Griffincash
    This is fake news and you know it. There was never any remote device inside of a supermicro server that wasn't meant to be there. Some dumbass didn't know what IPKVM was.
  • littleleo
    China has stolen more tech then it has developed. If you don't know that then this is a surprise to you. however if you had to deal with China in business you know that it is true.