Security Hardware

Can You Trust Chinese Computer Equipment?

Posted by kdawson
from the or-anybody's-really dept.
Ian Lamont writes "Suspicions about China slipping eavesdropping technology into computer exports have been around for years. But the recent spying attacks, attributed to China, on Google and other Internet companies have revived the hardware spying concerns. An IT World blogger suggests the gear can't be trusted, noting that it wouldn't be hard to add security holes to the firmware of Chinese-made USB memory sticks, computers, hard drives, and cameras. He also implies that running automatic checks for data of interest in the compromised gear would not be difficult." The blog post mentions Ken Thompson's admission in 1983 that he had put a backdoor into the Unix C compiler; he laid out the details in the 1983 Turing Award lecture, Reflections On Trusting Trust: "The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."
  • Re:Another reason (Score:5, Interesting)

    by Spazztastic (814296) <[moc.liamg] [ta] [citsatzzaps]> on Friday February 05, 2010 @12:04PM (#31035192)

    This is just another reason for me to not want to buy Chinese made goods. Unfortunately, so much is made in China that it is nearly impossible to completely avoid the country.

    Some component of your car, cell phone, computer, etc. is going to be made in China. I have a feeling eventually they will catch on that people aren't buying Chinese made stuff and will just put stamps on it from their more friendly neighboring countries.

  • Re:Another reason (Score:5, Interesting)

    by Thud457 (234763) on Friday February 05, 2010 @12:15PM (#31035328) Homepage Journal
    AFAIK, this [homebrewcpu.com] is the only CPU still made in America.
  • Chinese equipment. (Score:1, Interesting)

    by Anonymous Coward on Friday February 05, 2010 @12:19PM (#31035378)

    Most of computer hardware is made in Asia and much of it in China. Trying to eliminate China out of the equation is impossible. Sure you could buy Intel chips that were made in Costa Rica, but try to tell Intel to only give you CR chips.

    Motherboards? You're going to tell Asus that you only want MoBos from Malaysia? Good luck with that.

    Whole computers? Hahahahahahaha. Dream on baby.

    We're in a Globalized World. There's no turning back. Trying to weed out products based on politics or some ideology is impossible. You couldn't do it even if you had Gates' money.

    So, on topic: worrying about trusting Chinese made equipment is a waste of time because you have no choice. I don't know what kind of software precautions you could take to mitigate any insecurity that you perceive unless you go back to paper files and doing shit by hand.

  • Re:Another reason (Score:3, Interesting)

    by Spazztastic (814296) <[moc.liamg] [ta] [citsatzzaps]> on Friday February 05, 2010 @12:26PM (#31035458)

    They already do; counterfeit parts are a massive issue.

    Yeah, someone I work with bought three T1 WICs (Cisco) for their SOHO. Two of the three were counterfeit.

    I meant more in terms of someone putting the "MADE IN TAIWAN" stamp on a Chinese made part to trick people into thinking that it's from a country with a better reputation.

  • by fuzzyfuzzyfungus (1223518) on Friday February 05, 2010 @12:26PM (#31035462) Journal
    In a general sense, you really can't trust any computer equipment that you didn't build yourself, pretty much from the ground up(as the issues with compilers and microcode suggest). I'm pretty sure that using somebody else's sand to make your silicon is safe; but that's about it.

    Computer gear hasn't quite reached biological levels of complexity, where trust is even harder(one malformed Prion in a batch of millions can end up eating holes in your brain); but, from the perspective of a user who isn't a tech god, it might as well have.

    That being so, the question of whether you can trust Chinese computer equipment is basically a political one. China's general enthusiasm for industrial espionage is well known, so if you have data on interesting technology or military stuff, the answer is almost certainly "no". If you are basically just Joe Consumer, though, your data are just noise obscuring what Chinese intelligence really wants. You would do better to be worried about the botnet your PC is part of, Google, ChoicePoint, Equifax, the NSA, and whoever is taking advantage of CALEA at that particular moment. The world of technology is a ghastly morass of potential backdoors, quite a few of them not even hidden, that most of us are constantly vulnerable to, and, in a great many cases, actively being monitored through.

    Bugged Chinese chips are definitely something to think about if you are doing military COTS procurement, or doing security for somebody who has data of real interest; but, for most of us, it's all just one more piece of asymmetric transparency. I, for one, don't feel any warmer and fuzzier about the Americans spying on me than the Chinese spying on me(worse, in fact, because some sinister Chinese intelligence agency is substantially less likely to sell my information to advertisers, make it harder to get medical insurance, or damage my credit rating than some warm, fuzzy, American multinational corporation).

    I really hope that this threat leads to a general recognition of the need for sound and open practices for security(both in the sense of novel CS research on how to do maximally verifiable stuff, test blackboxes, build verified bootstrap compilers, etc, etc. and in the sense of market acceptance of the fact that mysterious binary firmwares, and "just trust us" responses from vendors, and blackbox systems in general just aren't good enough). That would make things better for everybody. I get the unpleasant sense, though, that a lot of this concern is less about "We really need to understand how to build highly complex systems that are dependable and verifiable for those who use them." and more about "Goddam chinks, only we are supposed to have backdoors and surveillance capabilities!"
  • by cdrguru (88047) on Friday February 05, 2010 @12:30PM (#31035518) Homepage

    If you are a User, you have no choice but to trust the entire universe of code around you. Your watch could contain a rogue program, your car radio, your cell phone, your microwave oven. Everything is enabled with microprocessors programmed by unknown and unknowable people with unknown and unknowable motivations.

    All you can do is hope for the best if you are a User.

    However, if you are a Programmer you can only use code that you trust and have personally verified in addition to the rest of the Programmer community. Users don't count for much in this world, because they can't help out, they can only blindly follow. Some Users will have Programmer friends and they can just follow in their footsteps, like a line of soldiers through a minefield. Only Programmers have this power.

    Sadly, the way people are wired only a very few are going to be Programmers. The rest simply do not have the skills or the mental faculties. The rest of the human race are doomed to simply be Users.

  • Evidence? (Score:3, Interesting)

    by david.given (6740) <dg AT cowlark DOT com> on Friday February 05, 2010 @12:30PM (#31035524) Homepage Journal

    So, is there any actual evidence backing all this up, or is it just more anti-Chinese vilification?

    (Remember, we have always been at war with Eastasia.)

  • Re:Another reason (Score:2, Interesting)

    by tiberus (258517) on Friday February 05, 2010 @12:32PM (#31035550)

    On a strategic level, the USA really screwed the pooch by chasing the lowest bidder and not building up our domestic capacity to produce these items.

    It goes much deeper than that, too many Americans are overly litigious, not at fault and to desperately seek the almighty dollar. Corporations have gone off shore to seek lower cost materials and labor in pursuit of higher profits. You'll note nothing seems to get cheaper to the end user.

    Sadly at this point in the game, what other options are there?

    And for you small gov't types, this is an example of free market principles colliding with what is effectively a national security issue.

    Free Market, pah. As the guy at the end of the supply chain, of mega-corporations, multi-nationals, world-wide supply chains and so on, I don't see the Free Market benefiting me. Profits are sought, exclusive agreements are penned and now it's nearly impossible to find American made electronics or even get a 1/2 gallon of ice cream at your local grocery.

  • by King_TJ (85913) on Friday February 05, 2010 @12:42PM (#31035686) Journal

    I'm *far* from trying to defend China or claim they're "trustworthy" ... but taken to its logical conclusion, this line of thinking is a dead-end for most individuals and businesses. Ultimately, yes, you can't know for 100% certain a given piece of software is trusted unless you wrote it yourself .... but what's new? That's always been, and always will be the case ... and unless you were able to engineer your own computer processor and other components on the motherboard, etc. - you STILL can't prove you're running a completely trusted system, can you?

    In reality, I think people have to possess some awareness of their computing environment, as a whole - and that may realistically be the best we can do. If some piece of gear is "compromised", it still has to communicate the information it stole to a receiver on the other end. That means, your firewall is capable of either blocking or at least logging that connection. There's also, of course, the "strength in numbers" facet to all of this. Maybe YOU as an individual never noticed something strange was going on with a piece of gear, but as thousands or millions of people become customers/users of the same gear, chances increase that SOMEONE will figure it out. Keep an eye on the tech news and Internet forums, and you'll receive pretty quick warnings about such things. (This is probably also a good argument for going with popular products, vs. obscure ones with a far lower installed user-base?)

  • Cisco (Score:5, Interesting)

    by Lifyre (960576) on Friday February 05, 2010 @12:43PM (#31035706)

    This isn't just for goods known to be made in China. This past year we performed an audit of our network infrastructure with Cisco's help. We found almost 10% of our switches were counterfeit. They were all models of layer 2 and layer 3 switches and were virtually indistinguishable from genuine Cisco products down to the enhanced security IOS.

  • What2Do? (Score:1, Interesting)

    by Thundercleets (942968) on Friday February 05, 2010 @12:43PM (#31035710)
    It was more or less common knowledge that in China (as I'm sure it must be elsewhere) that if the military saw a technology it liked it would just take it. If anyone at the factory complained they became organ donors. If the IP owner complained they usually ran into delivery problems, workers strikes or were just kicked out. Think of Lucent's fiber optics fiasco and the observation that most Chinese domestic router manufacturers seem to use router code that looks suspiciously like IOS. It goes without saying that this also applied not just to things that were taken out of a factory but also to things that were brought in. If this were a real concern which it should be, then the different governments who should be concerned about it should implement a standard where this kind of thing is checked for and those clearing it bear a seal of some type. Considering the way the PRC is buying campaigns in the US I doubt it will happen here.
  • by trifish (826353) on Friday February 05, 2010 @01:13PM (#31036176)

    ... because hardware means accountability and traceability. Software intrusions are much more convenient for them because the attacks are practically anonymous and nobody can really prove who in China carried them out.

  • Fake Cisco (Score:4, Interesting)

    by wsanders (114993) on Friday February 05, 2010 @01:25PM (#31036368) Homepage

    There is a fairly large amount of counterfeit Cisco gear floating around

    http://www.networkworld.com/news/2006/102306counterfeit.html [networkworld.com]

    http://www.networkworld.com/community/node/13213 [networkworld.com]

    http://www.andovercg.com/services/cisco-counterfeit-wic-1dsu-t1.shtml [andovercg.com]

    And we all know where this stuff is made.

    OTOH we just bought a huge pile of new Juniper stuff at work, every single piece "Made in China".

  • by smellsofbikes (890263) on Friday February 05, 2010 @01:28PM (#31036406) Journal

    DoD is really worried about this. They're trying to develop ways to efficiently examine ICs to check for unexpected "features". Right now, it's necessary to open up the IC and put it under a scanning electron microscope, then use software that can extract the logic diagram from the scan.

    One of the obvious places to put in a "back door" is in Ethernet controllers. Many used in servers already have logic for hardware "remote administration" (turn machine off, reboot, load code, etc.). It is supposed to be disabled by default, and work only when initialized with keys during hardware installation. Just build a set of default remote administration keys into the chip, and everyone using that chip is 0wned. Send the right UDP packets, and you can take over the machine. This would be completely invisible until activated.

    Whenever this subject comes up, I post about it and either get a +5 insightful or get flamed to hell and told I don't know what I'm talking about, so let's see what happens this time. I work in semiconductor design. In a CPU or memory chip there are some sections of the chip that have duplicate/spare circuitry that can be brought into play if some of the main circuitry is defective. This is what people refer to when they talk about trimming memory chips. I don't do this sort of stuff so I don't actually know for sure, but people who post on slashdot claiming to know, say that it would be "easy" to jigger some of the spare circuitry to provide added/surreptitious functionality to the chip.

    Thing is: I don't see that this is very useful since it's in ram or the cpu, and it seems to me to be possible, maybe even likely, to see surreptitious traffic from them heading outwards to the ethernet controller chip.

    I think -- as apparently do you -- that the most likely places to try to put in backdoors are the I/O chips because it's hard for you to determine what they're doing. But then they have to include some serious functionality, to implement at least a little intelligence to decide what to send, unless they want to send everything, which again would be pretty obvious to someone looking at the hardware.

    And since I work at a place that *does* design ethernet controller chips, although that's not what *I* do, I can say with at least some assurance that it's really, really, really unlikely that they could be backdoored.

    Let me explain why: on analog and small digital chips, die size is *unbelievably* important because it is directly related to your profit margin. I've done chip layout. We will go to any lengths whatsoever to make the die smaller, even if it means completely relaying out the chip. There isn't any space for extra circuitry at all. Every square mil is loaded.

    On top of that, we then run our prototype chips on planet runs, where a bunch of proto chips from various designers are all masked onto a chunk of silicon, in either our own local fab or our tiny owned fab in Europe, and then characterize the returned chip, and do metal changes and maybe a complete new mask set, and only *then* does it go out to the big fabs. And when we get *those* back, we spend months characterizing *them*, making sure that every individual pin has the same leakage current and ESD protection characteristics, as the ones we got back from our local fab, to ensure the chips will actually work in the field.

    In order for a Chinese fab to put a backdoor into one of our designs they'd have to increase the die area, which would be really amazingly obvious, or remove existing circuitry, which would be really amazingly obvious. Even if they're so incredibly clever as to redesign the chip better than we can design it in the first place, giving them space to add their circuitry, it's very unlikely that the current draw on every pin during operation and when forced into test mode and pushed to failure, would be within 1% of the chips we got from fabs that we control.

    With all that said, my company recently closed our Chinese fabs, an

  • Re:Another reason (Score:3, Interesting)

    by WinterSolstice (223271) on Friday February 05, 2010 @01:29PM (#31036414)

    Exactly :D

    Trust but verify means "we'll agree not to call you a sneaky bastard to your face".

    If you take the opposite tack of 'trust no one', then I assume you're going to be wiring up your own circuits, breadboards, and chips, then writing the boot code and machine code by hand before writing the compiler and then finally the test kit?

    You certainly have to apply reason and sanity - otherwise you would have to personally build an identical copy of every single item to double check against. Otherwise, you go the opposite route and look for *defects*. Checking for defects or malicious behavior is 'trust but verify'. Checking every single circuit for every single positive and negative test (with full regression at each phase) is more secure (assuming your *tests* aren't compromised or weak) but it is also far more time consuming.

    Personally, I'd like to think that I can buy a mobo at a store, slap BSD or Linux onto it, and then watch my OS and Firewall logs for exceptions.
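
Added example, not part of any comment in this thread: the log-watching idea raised in King_TJ's and WinterSolstice's comments above, as a small Python script that learns which destinations each LAN device normally contacts and flags anything new. It assumes netfilter `LOG` lines collected on a separate gateway; the `EGRESS` log prefix, the addresses and the device roles are constructed for illustration, and the log lines are abbreviated.

```python
import re
from collections import defaultdict

# Constructed sample logs (documentation address ranges, hypothetical
# "EGRESS" --log-prefix). BASELINE_LOG is a learning period accepted as normal:
# 192.168.1.20 is a workstation, 192.168.1.50 a network printer.
BASELINE_LOG = """\
Feb  5 09:00:01 gw kernel: [ 100.001] EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.10 LEN=60 TTL=63 PROTO=TCP SPT=51514 DPT=443
Feb  5 09:00:07 gw kernel: [ 106.220] EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=192.168.1.1 LEN=71 TTL=63 PROTO=UDP SPT=40001 DPT=53
Feb  5 09:10:00 gw kernel: [ 699.900] EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.25 LEN=60 TTL=63 PROTO=TCP SPT=40112 DPT=443
"""

# Constructed monitoring period, including one non-firewall kernel line.
NEW_LOG = """\
Feb  5 13:00:01 gw kernel: [9000.001] EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.10 LEN=60 TTL=63 PROTO=TCP SPT=51990 DPT=443
Feb  5 13:00:02 gw kernel: [9001.100] EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.77 LEN=60 TTL=63 PROTO=TCP SPT=40500 DPT=443
Feb  5 13:00:03 gw kernel: [9002.300] EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=192.168.1.1 LEN=71 TTL=63 PROTO=UDP SPT=40002 DPT=53
Feb  5 13:05:02 gw kernel: [9301.100] EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.77 LEN=60 TTL=63 PROTO=TCP SPT=40501 DPT=443
Feb  5 13:06:40 gw kernel: [9399.500] EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.99 DST=203.0.113.5 LEN=76 TTL=63 PROTO=UDP SPT=123 DPT=123
Feb  5 13:07:00 gw kernel: [9419.000] usb 1-1: new high-speed USB device number 4
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return (src, dst, proto, dport) for a netfilter LOG line, else None."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        # Keep the first occurrence: ICMP error lines repeat SRC=/DST= for the
        # embedded packet, and the outer header is the one that matters here.
        fields.setdefault(key, value)
    if not all(k in fields for k in ("SRC", "DST", "PROTO")):
        return None
    dpt = fields.get("DPT", "")
    dport = int(dpt) if dpt.isdigit() else 0  # 0 for protocols without ports
    return fields["SRC"], fields["DST"], fields["PROTO"], dport


def build_baseline(log_text):
    """Map each source device to the set of (dst, proto, dport) it used."""
    baseline = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            baseline[rec[0]].add(rec[1:])
    return baseline


def find_new_egress(baseline, log_text):
    """Return sorted (reason, src, dst, proto, dport, packets) findings."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # not a firewall record
        src, flow = rec[0], rec[1:]
        if src not in baseline:
            hits[("unknown-device", src) + flow] += 1
        elif flow not in baseline[src]:
            hits[("new-destination", src) + flow] += 1
    return sorted(key + (count,) for key, count in hits.items())


if __name__ == "__main__":
    for finding in find_new_egress(build_baseline(BASELINE_LOG), NEW_LOG):
        print(finding)
```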

  • by MrTripps (1306469) on Friday February 05, 2010 @01:30PM (#31036424)
    After all we did that to the Russians in the 80's causing one of their large oil pipelines to explode. Does it make you feel better that Microsoft gave China a peek at the full source code for Windows? http://www.builderau.com.au/architect/work/soa/US-software-blew-up-Russian-gas-pipeline-/0,339024596,320283135,00.htm [builderau.com.au]
  • Re:Another reason (Score:1, Interesting)

    by Anonymous Coward on Friday February 05, 2010 @01:30PM (#31036436)

    "for you small gov't types, this is an example of free market principles colliding with what is effectively a national security issue."

    So you're saying that our manufacturing base shrank because there was _too little_ government involvement in our economy? Let's look at the facts in one field, the auto industry:

    Washington imposed a minimum wage higher than the average wage in Japan.
    The Feds ordered that U.S. plants be made the healthiest and safest worksites in the world, creating OSHA to see to it.
    It enacted civil rights laws to ensure the labor force reflected our diversity.
    Environmental laws came next, to ensure U.S. factories became the most pollution-free on earth.
    Next, Washington imposed a corporate tax rate of 35 percent, raking off another 15 percent of autoworkers’ wages in Social Security payroll taxes, higher than the taxes imposed by our foreign competitors.
    State governments imposed income and sales taxes, and local governments property taxes to subsidize services and schools.

    Thus when America was thrust into the Global Economy, GM and Ford had to compete with cars made overseas in factories in postwar Japan and Germany, then Korea, where health and safety standards were much lower, wages were a fraction of those paid U.S. workers, and taxes were and are often forgiven on exports to the United States. Now I'm not saying there's anything wrong with having the safest, cleanest, most diverse, best paying factories in the world. But if you really want those things, be aware and realize that you will pay for them in lost manufacturing jobs.

    I won't argue with you the merits of big versus small government. That's for another thread. But understand that a big, protective government comes at a price. Usually, that price is measured in prosperity and liberty. If you're willing to trade those away for the advantages of being taken care of by government, then it's a good trade for you. But don't kid yourself about why our manufacturing base shrank. It wasn't because of not enough government. It was because government made it almost impossible to compete directly with foreign companies making the same products.

  • by Animats (122034) on Friday February 05, 2010 @02:51PM (#31037522) Homepage

    In order for a Chinese fab to put a backdoor into one of our designs...

    If just the IC fab is outsourced, with masks provided, that's true. Many Ethernet chips are designed in Taiwan and fabbed in China, but so far I can't find ones developed entirely on the mainland. That can't be far off; eventually, engineering and design moves near the fab. There are competent IC design houses in China; HiSilicon and C2 Microsystems are sizable design companies. But neither makes an Ethernet controller. The focus of the Chinese design companies tends to be entertainment electronics and portable devices.

  • Re:Sure... (Score:2, Interesting)

    by Lupu (815408) on Friday February 05, 2010 @03:20PM (#31037906)

    While the USB memory key (in this example) could have low level software to snoop your data, how are they going to get it? Is the USB key going to open a TCP/IP or UDP connection back to their servers without tripping my firewall that a new application is trying to connect? Is my virus scanner going to get tripped that something suspicious is coming out of the key without my interaction?

    Just because the cases are not obvious doesn't mean there is no potential for exploit.

    Keyboards get a lot of raw sensitive data: usernames and passwords, often even accompanied with the direct URLs where the credentials apply. Now, the keyboard obviously wouldn't be able to open a TCP/IP or UDP connection to upload the data, but it could sneak time-encoded hints about pre-recorded data into your typing. While you type, the keyboard firmware could impose miniature delays that would go unnoticed by the human eye, but would in turn influence the timing of packets sent by an SSH session. Such an attack wouldn't necessitate decrypting the SSH session and it would go completely unnoticed through all your Intrusion Detection Systems and firewalls. The practicality of such an attack can be questioned, but it demonstrates non-obvious applications.

    The closest equivalent I can think of for a USB memory dongle would be firmware that could recognize, say, JPEG images in FAT file systems. Any information the firmware recognizes as interesting could be steganographically watermarked into your images by the time you pull them off the dongle. In such a case, any image you upload online that came from that dongle could contain sensitive information and you'd have no idea you uploaded it.

  • by Ungrounded Lightning (62228) on Friday February 05, 2010 @05:35PM (#31039760) Journal

    I think it would be difficult to do a company like HP. Any additional chip means additional cost, and HP would notice this right away. It would have to be a company that collaborates in the design stage.

    Intel has their own network-facing backdoor built into their chips. HP uses them in its laptops - and HP's outsourced-IT service organization supplies these machines to the companies which hire them.

    Look up "Intel AMT" on the web. There's lots of stuff on it available there. It's a "feature" intended for large companies' IT operations to use to remotely administer the workers' laptop and desktop machines: Remote update software, detect malware, cut misbehaving machines off the LAN or shut them down, monitor workers' behavior, ...

    It is "below" the main CPU(s) and OS. It runs even if the main machine is off. It is a man-in-the-middle on the network interface, accepting its own connections from the "mother ship" and configurable to "phone home" when on the road. It can monitor and twiddle all the network traffic, monitor all the I/O (including keystroke logging), access the hard drive, stop the processor, monitor applications for watchdog events and shut them down if they "misbehave", halt and restart the main processors, yadda yadda yadda.

    It can also present one of its own intercepted connections-from-afar to the main processor as if it were a terminal interface on another chip. The recommended way to configure Linux or Unix on the box is for this interface to be given a login process with root login privileges.

    How do you know if it's disabled? The BIOS TELLS you it's disabled. (If you believe that, especially after the next BIOS firmware update, would you be interested in some land in Nevada?)

  • Re:NSA (Score:3, Interesting)

    by Phrogman (80473) on Friday February 05, 2010 @07:06PM (#31040842) Homepage

    Can you trust the NSA to not simply forward all the commercially viable information to a corporation, if it serves their interests?
    They have apparently used sigint to aid US corporations in the past, what's to stop them now?
    I feel no guarantee that the NSA is going to be any more careful about using personal information than the Chinese will be. I am opposed to both of them knowing my personal details. Really the only defense I have is the fact that I am undoubtedly of little interest to either.

  • by Anonymous Coward on Friday February 05, 2010 @07:23PM (#31041000)

    No country has a more comprehensive spy program than the United States. Whatever China can do, the US can do much better in that department. I think the recent allegations against China for hacking gmail accounts is an example. If the US did this to Chinese citizens' emails... China would be unlikely to know about it... let alone the email hosting company finding out about it (like Google did).

    As far as having network hardware modified to include malware, Trojan, viruses, bots or whatever... the US has done and admitted as much with pride. It was used in the first Gulf War via specially infected network printers. Check it out.

    Other printer companies do this without telling the public. These are commercial printers made by several US manufacturers and are widely dispersed across the world in business and residence. These printers attach "invisible" watermarks on the printed output which can later be used to identify the original and individual printer used to create that page. This is also common knowledge and you can prove it to yourself if you have one of these printers and some minor additional equipment.

    I would suggest that if such "tampered" hardware is coming from China that it was more likely that China put said component in said device was because some US company or agency requested it be so.

    I don't deny China is in the surveillance business (like all International trade countries). But having said this, China is not the one to worry about. Assuming you live within the US, your primary concern for illegal surveillance of your network data is the US government itself.

    The current mood appears to be highly forgiving of such by their citizens. Or maybe it is the media who doesn't properly portray the real sentiment of their people. Strange.
