Can You Trust Chinese Computer Equipment?

Ian Lamont writes "Suspicions about China slipping eavesdropping technology into computer exports have been around for years. But the recent spying attacks, attributed to China, on Google and other Internet companies have revived the hardware spying concerns. An IT World blogger suggests the gear can't be trusted, noting that it wouldn't be hard to add security holes to the firmware of Chinese-made USB memory sticks, computers, hard drives, and cameras. He also implies that running automatic checks for data of interest in the compromised gear would not be difficult." The blog post mentions Ken Thompson's admission in 1983 that he had put a backdoor into the Unix C compiler; he laid out the details in the 1983 Turing Award lecture, Reflections On Trusting Trust: "The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."

It's no problem

[jDeepbeep]

I'll just return my iPod Touch and my 2 MacBooks to Apple, with a little note about the Chinese manufacturing. I'm sure they will understand and give me my money back.

Re:Another reason

[jeffmeden]

But the free market would never lead us to disaster by chasing the lowest common denominator and exploiting our innately trusting human nature! I also don't see how a 'big government' is required to sufficiently instill the kind of nationalism that forces people to buy higher priced, locally produced goods.

Perhaps you have a newsletter?

Re:Short and Sweet

[Monkeedude1212]

Of course you can't. In fact, if you're anything like me, you can't even trust the code that you wrote yourself. A night filled with browsing old Russian Propoganda, Some Vodka, and Rufilin... You wake up the next morning and you have no idea whether that Tax Financer is just a Tax Financer.

Re:Another reason

[lxs]

Weaksauce. He uses ready-made logic gates. Have him build a CPU out of discrete BC547 transistors and I'll be impressed.

Re:Another reason

[vurian]

Never trust business -- big, small, internation, whatever, doesn't matter who, don't trust them. You didn't elect them, they don't represent you, they are out to screw you. And never trust a neighbour -- they don't own what you have, and want it. Make sure you get theirs first. Never trust your parents, or your children. Never trust yourself, even. Never trust! Trust me, you know it makes sense.

Re:Another reason

[Anonymous Coward]

Once upon a time this happened to the Japanese. They started manufacturing things in Usa [wikipedia.org] and using capital letters on their packaging. It's easier than you think!

Re:Another reason

[Tetsujin]

You know that 2/3 of the phrase "trust but verify" is meaningless oxymoronic bullshit designed to mask the harshness of the only significant word, right? Like "strong but sensitive" or "sexy but geeky".

I don't get it.... You're saying "but" is the only meaningful word?

Re:Another reason

[SBrach]

Anyone yelling their personally identifying info into a microphone deserves what they get.

Re:Bad Headline

[MRe_nl]

I'm sorry lyinhart, I don't think I can let you post that.

I honestly think you ought to sit down calmly, take a stress pill, and think things over.

Re:Another reason

[geminidomino]

Don't those US citizens normally just brag about such secrets after a few drinks? ;) .

In further news: General Tso, head of Chinese Special Intelligence, was quoted as stating "A double agent is always just a browjob away"

Re:Another reason

[Anonymous Coward]

I'd trust the chinese government more than the US. The US government has proven they are very interested in screwing me over, while the chinese so far have left me alone.

There is no comparison!

[Remus Shepherd]

I'm amazed at the number of responses saying, 'Well, the US spies on its citizens too.'

Folks, there are laws in the US that restrict surveillance of US citizens. They are allowed to collect aggregate data, and they have far-reaching powers when a subpoena exists due to suspected crime or terrorism. But just spying on regular citizens as a normal function of government -- that should never happen in the US.

I say 'should' because it's possible it does happen in some black project somewhere. But I guarantee you it's much, much smaller and more benevolent than how China spies on its citizens.

If you're comparing Big Brothers, the US one has one eye closed and only sneaks a peek when the cops aren't watching. The Chinese practically live in a panopticon; their government probably keeps track of what color underwear they have on.

Re:Cisco

[Anonymous Coward]

This isn't just for good known to be made in china. This past year we performed an audit of our network infrastructure with Cisco's help. We found almost 10% of our switches were counterfeit. They were all models of layer 2 and layer 3 switches and were virtually indistinguishable from genuine Cisco products down to the enhanced security IOS.

....I think I've seen those counterfeit Cisco switches before.

Did they say "Procurve Networking by HP" ?