"Despite the lack of any proof that a malicious hardware chip exists, we are undertaking a complicated and time-consuming review to address the article further", the company said in a letter to its customers dated Thursday.
A Bloomberg Businessweek story cited 17 unidentified sources from intelligence agencies and businesses that claimed Chinese spies had placed computer chips inside equipment used by about 30 companies, including Apple and Amazon and multiple U.S. government agencies, which would give Beijing secret access to internal networks.
Supermicro denied the allegations made in the report and outlined in its letter to customers how complex such a hack would be.
Supermicro executives wrote that not only would the alleged Chinese hackers need to skirt regular testing, but the unauthorised hardware would make it "highly unlikely" for their motherboards to work.
Of course, that assumes that the Chinese don’t know what they are doing.
Even if the supposed hackers were Supermicro employees rather than contractors, "no single employee or team have unrestricted access to the entire design" of their motherboards, the letter says.
The letter says it would have been difficult for companies in Super Micro's supply chain to change motherboards because suppliers do not have access to Super Micro's full designs.
Super Micro CEO Charles Liang called for Bloomberg to pull the article saying that "Bloomberg has not produced a single affected motherboard, we have seen no malicious hardware components in our products, no government agency has contacted us about malicious hardware components, and no customer has reported finding any malicious hardware components, either."
Apple and Amazon denied claims in the Bloomberg report that they had found out about the chips in 2015.
Bloomberg said it stood by its report and was confident of its reporting, which was conducted over more than a year.