But there's a very interesting writeup at Errata Security about what the real scoop likely is (spoiler alert: fraud in the manufacturing process replacing quality chips with less expensive knock-offs to skim some profits). Basically, it's why you ask your mechanic for the used parts he changed in your car (and look at the ones he replaced them with) if you aren't sure about his reputation.
But this is the key part, to me at least:
The story is based on anonymous sources, and not even good anonymous sources. An example is this attribution:The whole article is interesting, but is important for how it demolishes the breathless ZOMG!!!!!eleventy!! in the Bloomberg article. Quite frankly, that's why I'm not linking to Bloomberg, because it's security clickbait.
a person briefed on evidence gathered during the probe saysThat means somebody not even involved, but somebody who heard a rumor. It also doesn't the person even had sufficient expertise to understand what they were being briefed about.
The problem on someone getting to the hardware and doing dirty deeds dirt cheap is a real one - I've personally heard DoD folks discussing this for 15 years or more. But this sure doesn't seem like that's what's happening. Rather, it's just some big mouth media whores helping "journalists" pimp some clickbait.
UPDATE 8 October 2018 09:42: The Department of Homeland Security backs the denials from Apple and Amazon.