Further investigation in the coming weeks will ultimately prove out the legitimacy of these claims. Regardless of the outcome, the idea of this type of manipulation is unsettling.
Supermicro has been a long time partner of RAVE. We have been in constant contact with their personnel to make sure we are completely up-to-date on the facts, their responses and their path forward. At this time we have no reason to question the authenticity of official statements made by Supermicro, Apple and Amazon.
Supermicro is actively working on formal technical documentation that they say will irrefutably disprove the allegations made in the Bloomberg article. It will provide insight into the comprehensive quality control processes that are in place at their manufacturing facility, at their contract manufacturers and at their California distribution center, where all of their products enter when they arrive in the United States. We will share this information with you as soon as it is available.
Supermicro has created an internal task force that RAVE has direct access to for addressing questions and concerns related to the Bloomberg article or the security of Supermicro products. We will be happy to act as your conduit.
We have also had discussions with Supermicro about possibilities for additional testing and specification verification on products prior to shipping to RAVE.
While we do not have control over the manufacturing processes of Supermicro components, we do have control over our internal quality practices. As a government contractor, years ago RAVE implemented counterfeit parts prevention measures. We ardently follow these measures including ensuring that we are only sourcing products from Supermicro direct or from their authorized distribution channel. Upon receipt at RAVE we assess authenticity based on packaging, labeling and intended functionality.
If you have concerns about product you have already purchased from RAVE please call us at 589-939-8230. We have the ability through our contacts at Supermicro to supply you with the country of origin, serial numbers and lot tags. We can also let you know if a different manufacturer’s motherboard can be substituted. For future needs RAVE can help you identify alternative manufacturers if desired.
Although there is no substantiation that hardware manipulation occurred on any Supermicro boards, some companies are asking for additional proofs that their current systems have no hardware manipulation. We are in the process of exploring options to understand what kind of evaluations might offer “proof” of no tampering and what those evaluations might cost in time and resources.
There are numerous good practices that your company should implement that can lessen the risk of becoming affected by malware sometime in the future:
- Know your suppliers and insist that any products you purchase from them are genuine and purchased through authorized channels. Ask about the supply chain, country of origin etc. (As in the Supermicro story, just because someone is a major OEM brand is not protection in itself.)
- When purchasing computer hardware, if getting multiple bids and one bid is much lower, ask lots of questions before you buy. Some companies base their pricing on being able to source cloned/counterfeit products or “inventory pulls” or “product overstock” sourced directly from off shore manufacturers.
- Make sure your company has a comprehensive cyber security program in place. Make sure your firewall features that can monitor egress traffic are enabled.
- Secure your network. Use products such as network analyzers and network storage security appliances.
We understand the concerns and want to be transparent in how we are addressing them internally. You have my guarantee that the RAVE team will continue to work with you as your trusted technology partner to determine the best methodologies and solutions to meet your organizations individual computing needs.
If you have specific questions about the Supermicro products that you have received from RAVE in the past or about what your future options are, please call 800-966-7283 and ask to speak with your account manager. We will coordinate the appropriate RAVE and Supermicro resources to alleviate any trepidation with Supermicro products you currently have or are looking to deploy in your environment.
CEO and Co-Founder