Stories
Slash Boxes
Comments

SoylentNews is people

Apple Deleted Server Supplier After Finding Infected Firmware in Servers

posted by cmn32480 on Sunday February 26 2017, @11:31PM   Printer-friendly
from the broken-out-of-the-box dept.

Fnord666 writes:

A mid-2016 security incident led to Apple purging its data centers of servers built by Supermicro, including returning recently purchased systems, according to a report by The Information. Malware-infected firmware was reportedly detected in an internal development environment for Apple's App Store, as well as some production servers handling queries through Apple's Siri service.

An Apple spokesperson denied there was a security incident. However, Supermicro's senior vice-president of technology, Tau Leng, told The Information that Apple had ended its relationship with Supermicro because of the compromised systems in the App Store development environment. Leng also confirmed Apple returned equipment that it had recently purchased. An anonymous source was cited as the source of the information regarding infected Siri servers.

[...] A source familiar with the case at Apple told Ars that the compromised firmware affected servers in Apple's design lab, and not active Siri servers. The firmware, according to the source, was downloaded directly from Supermicro's support siteā€”and that firmware is still hosted there.

Source: ArsTechnica

Original Submission

 
This discussion has been archived. No new comments can be posted.
Apple Deleted Server Supplier After Finding Infected Firmware in Servers | Log In/Create an Account | Top | 21 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Interesting) by TheRaven on Monday February 27 2017, @09:38AM

    by TheRaven (270) on Monday February 27 2017, @09:38AM (#472189) Journal
    And this is why you shouldn't trust cloud services. Apple may have the best of intentions and respect your privacy, but simply by collecting a load of data in one place they're creating a high-value target. No one cares about you enough to try to compromise your account, but the data about you and a few million others is quite valuable in aggregate. Whether it's by inserting unscrupulous employees, compromising something in the supply chain, or old fashioned theft, someone else will get at the data eventually.
    --
    sudo mod me up
    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3