Speaking on a podcast published this week, security researcher Joe Fitzpatrick said that the hardware implant approach described “doesn’t make sense.”
“Spreading hardware fear, uncertainty and doubt is entirely in my financial gain, but it doesn’t make sense because there are so many easier ways to do this. There are so many easier hardware ways, there are software, there are firmware approaches. The approach you are describing is not scalable. It’s not logical. It’s not how I would do it. Or how anyone I know would do it.”
In the Bloomberg Businessweek article, published last week, the claim is made that tiny spy chips were inserted into the motherboards used by dozens of companies, including Amazon and Apple. Amazon has blasted the story as being supposedly full of inaccuracies, while Apple has also denied it being true and even written a letter to Congress to say as much. Both have been backed up by British and U.S. intelligence, who say they have no reason to doubt the denials being made.
Speaking on the Risky Business security podcast, Fitzpatrick voiced his skepticism at the fact that a theoretical proof-of-concept hack he demonstrated at the Black Hat 2016 conference would be exactly the approach reported by the Bloomberg story — despite the fact that there are plenty of other, more straightforward ways of carrying out a hack.