Several Western Govts. Ban Lenovo Equipment From Sensitive Networks 410
renai42 writes "If you've been in the IT industry for a while, you'll know that Lenovo's ThinkPad brand has a strong reputation with large organisations for quality, dating back to the brand's pre-2005 ownership by IBM. However, all that may be set to change with the news that the defence agencies of key Western governments such as Australia, the US, Britain, Canada and New Zealand have banned Lenovo gear from being used in sensitive areas, because of concerns that the Chinese vendor has been leaving back doors in its devices for the Chinese Government. No evidence has yet been presented to back the claims, but Lenovo remains locked out of sensitive areas of these governments. Is it fearmongering? Or is there some legitimate basis for the ban?"
Their loss (Score:5, Insightful)
Thinkpads are very popular with people who need to do their own maintenance. They use them on the ISS for that very reason. Every part is replaceable and you can download a full service manual with excellent step-by-step illustrated instructions.
Sounds like fear of the boogeyman and a bit of racism are really going to hurt the US in the long run.
Re:Their loss (Score:5, Insightful)
Is it racism to be concerned that our military is using computer parts that can't (or won't) be produced at home?
If we had to go to "total war" tomorrow like we had to after Pearl Harbor I think we would be in pretty big trouble if our enemy was from the east and all of a sudden our constant shipping was gone. If we Americans are so damn expensive and corporations are at their height of greed and power we've pretty much forgotten how to do that manufacturing.
Re:Their loss (Score:4, Insightful)
It isn't about race, it's about the proven track record of a government tainting their country's products with viruses, trojans and backdoors.
Re:Their loss (Score:5, Insightful)
Proven track record?
Please enlighten me and give me links to that proof of backdoors. (That's what this is about, not viruses or trojans.)
All I heard on this matter are accusations without any proof.
On the other hand, we KNOW that the US is spying on everybody...
Re:Their loss (Score:5, Insightful)
You didn't really read my comment, did you?
I was explicitly asking for proof of backdoors, not attacks over the internet with trojans.
I don't doubt that the Chinese government is behind some cyber attacks. Just like the US government and/or their partners were behind Stuxnet and Duqu.
But here we are talking about compromised hardware. And while Western companies and governments have been talking about that for years, I haven't heard of any proof.
If somebody would find proof that any one Chinese company had in fact backdoors designed into their hardware, not only would that company not be able to make any business outside of China anymore, but many other Chinese companies would struggle as well.
So I have my doubts that they are that stupid.
Still, I might be wrong. So: Please share the proof about backdoors (!) in Chinese hardware.
Re:Their loss (Score:5, Insightful)
Agreed!
And, to go along with this, whose hardware *isn't* produced in China? So, why are we even arguing about it? If this wasn't a targeted attack against Lenovo by the US Gov't, wouldn't they ban *all* hardware made in the PRC, which includes Apple, Dell, etc.?
Besides, since Big Brother is so all-knowing, why wouldn't they just stop the conversation between the backdoor and the Chinese bad guys? I mean, they have the big brains in their IT departments, don't they? Shouldn't they be able to detect and stop all those naughty conversations? If they can capture, record, and filter all public conversations, can't they keep their own house protected well enough to block something so simple as a covert "E.T. call home"?
Kind of makes you wonder exactly what they are trying to accomplish (or deflect attention from) with this move... There's an ulterior motive, and another, more interesting, story here behind-the-scenes...
Re: (Score:3)
if they had phone home punch hole in firewalls backdoors wtf would they need trojans for..
besides, the other computers that are still approved come from the same fucking assembly lines, with much dodgier bioses and processes.
Re:Their loss (Score:5, Informative)
Well there have been tons of examples of backdoors loaded into firmware then sold with hardware. The Actel/Microsemi ProASIC3 was found last year to have a backdoor in the chip. http://www.scribd.com/doc/95282643/Backdoors-Embedded-in-DoD-Microchips-From-China [scribd.com]
This is a very heavily used chip that got into western weapon systems, western power control system....
Re:Their loss (Score:5, Interesting)
This case was also discussed on Slashdot [slashdot.org]. However, if I remember correctly, it was never shown that the "backdoor" (it had plausible deniability as a bug / stupid debugging feature) was added in the fab and the chip design came from outside China. I would think that if the designer had not put the backdoor in then they would very clearly have denied responsibility.
I'm really interested to know if anyone has any evidence that someone actually found such a backdoor. I'm sure they exist; I'm sure some spy services have found some, however I'm not sure that anyone admitted to doing it (and so giving away the level of their ability) and I don't have any evidence that the bug that was found was created by China (which would be fascinating).
Re: (Score:3)
How it got there is unknown. But it is an example of a hardware backdoor.
Have a look at my other comment, not a direct reply [slashdot.org]; I found out in the company's own press statement that they admitted to inserting it into the design deliberately. Since you were replying to a request for a Chinese backdoor I decided it's a legitimate reply even though I can freely admit that you, yourself, didn't directly mention the Chinese.
A country actively engaging in spying, that has used their products for spying, that did so in firmware ....
If China wants to stop being singled out this way they need to not use their corporations for spying like this.
The countries I can think of in this case are the UK (Enigma) and the USA (Skype and Windows). I know of Chinese software based attacks. Do you have a link to a
Re: (Score:3)
Is the US involvement in the MSWind backdoor confirmed? I thought it had been "plausibly denied". (I may doubt their denial, but that's not proof.)
It has been confirmed that Microsoft gives access to zero days to the NSA [arstechnica.com], so yes.
Re: (Score:3)
Wasn't this found to be a hoax? Or not so much a backdoor, but your everyday common bug, that could lead to a hack?
http://blog.erratasec.com/2012/05/bogus-story-no-chinese-backdoor-in.html
Because the idea of disguising a back door as a bug [xcott.com] has never been come up with before?
I just found the key quote:
In other words, there was a backdoor, but it wasn't put there by the Chinese fab, but at the explicit decision of a USA based company. Whether you believe them that it was for their own use or for use by others is another question.
Re:Their loss (Score:4, Insightful)
OK I agree Microsemi took the blame themselves: http://www.scribd.com/doc/149683384/Microsemi-Response-Security-Claims-With-Respect-to-ProASIC3-053112 [scribd.com]
So I'll withdraw this example.
Re: (Score:3)
Things like this [zdnet.com], in the face of the Snowden revelations, look like the US Gov was trying to divert attention from itself.
Re:Their loss (Score:5, Interesting)
If you read the ORIGINAL article from Financial Review you may note this:
"Members of the British and Australian defence and intelligence communities say that malicious modifications to Lenovo’s circuitry – beyond more typical vulnerabilities or “zero-days” in its software – were discovered that could allow people to remotely access devices without the users’ knowledge. The alleged presence of these hardware “back doors” remains highly classified."
So, they found hardware vulnerabilities but they aren't stating what they are. Probably because they know that people would start exploiting them immediately. There's a reason this stuff stays quiet. Also note that the ban started in 2006. This is pretty old... it's only getting reported now.
Re: (Score:3)
So, they found hardware vulnerabilities but they aren't stating what they are. Probably because they know that people would start exploiting them immediately. There's a reason this stuff stays quiet. Also note that the ban started in 2006. This is pretty old... it's only getting reported now.
Or they weren't there, and are part of a propaganda campaign against China. Australia banned Huawei from bidding on NBN. Was that because of Lenovo, or because of the anti-Chinese sentiment that gives us "we think China is spying, but we can't prove it, or even present any evidence of it."
Re: (Score:3)
I think somewhere behind all this is a refusal by Chinese companies to let the USA oversee and audit their manufacturing processes. It's not that they're smarter, it's that you can't ever fully security test an application, much less a piece of hardware, because of the possibility of code being triggered by a specific sequence that you may or may not guess, to put it simply.
I do think that this is more of a shotgun better safe than sorry approach that happens to highlight our distrust of China.
Re: (Score:3)
But it's likely that the foreign spies would do a better job than the Americans, and very likely that they'd do it cheaper.
Better and cheaper - it's the way to go.
Re:Their loss (Score:5, Insightful)
Well, and let's talk about the US record of viruses (as I believe that's better documented than anything else out there)...
Re: (Score:3)
Yeah, it's not a matter of moral superiority, the U.S. has basically none of that left anywhere, it's about realpolitik. Assume every rival is out to get you as much as you're out to get them, and then some.
Re:Their loss (Score:4, Funny)
Erh... the only country that has a proven track of spying on other countries recently is one that has troubles getting its snow back to its den. And while a large portion thereof belongs to China, it's not quite the same country ... yet.
Re:Their loss (Score:4, Insightful)
Anyone says anything bad about China/Chinese and some PC do-gooder brings up race.
It isn't about race, it's about the proven track record of a government tainting their country's products with viruses, trojans and backdoors.
The fact that they play the race card just makes them look more guilty.
Re: (Score:2)
Re: (Score:2)
If both parties have too much to lose there won't be another war. That's a fortunate consequence of globalization.
The problem with that is there is no way to calculate what priorities the other side will use to calculate when they have "too much to lose."
Re:Their loss (Score:5, Insightful)
If both parties have too much to lose there won't be another war. That's a fortunate consequence of globalization.
Before WWII I'm sure you could have made many reasonable and credible arguments for why Germany would never attack France or why Japan would never attack the US that are equal or better to "globalization". Many wars have started small and escalated quickly and unpredictably, whether it's North and South Korea, Taiwan, those islands south of Japan or whatever one match can start a kindle that'll start a fire to put the world in flames. I mean it's not like anyone saw the US getting involved because a dictator started annexing a few areas around Germany. In retrospect you can say the Mutually Assured Destruction policy worked in the Cold War but during the Cuban missile crisis it was a very close call.
Maybe your perspective is different but my country of Norway took the neutrality route in the 1930s, no military build-up, no signs of military aggression, we were seeking a position of neutrality and being a non-threat to everybody. What happened was the Nazis said "thank you very much" and invaded with minimal resistance. And today I see the same, with the NATO alliance and Russia being a shadow of its former military might we're running the defense with half a skeleton crew on outdated equipment, we're spending some money on elite units for operations abroad but the mass defense? We'd fall like a house of cards, all the money is bet on there not being any war in the first place.
Re: (Score:3)
Taking that for granted, what I see now is a world much more interdependent than the one we lived in 1914 and 1939. Stronger countries are buying weaker ones in Europe now instead of sending their armies marching on the ruins of the enemies like they did for the last four or five millennia. That's much more efficient: you get loot and don't have to pay for an army and for reconstruction expenses at home. WW2 has been pretty destructive
Re: (Score:3)
Before WWII I'm sure you could have made many reasonable and credible arguments for why Germany would never attack France or why Japan would never attack the US that are equal or better to "globalization".
Really?
You seem to be completely uneducated about WWII.
Perhaps you think that the demands upon Germany for "reparations" after WWI, such as impossible amounts of coal being delivered to the French, was "globalization."
Perhaps you think that when the U.S. froze all Japanese assets in the U.S., and then threatened an oil embargo against them (which accounted for 80% of the oil they imported), that was "globalization" too.
Germany attacked France because the French were complete assholes after WWI.
Jap
Re: (Score:3)
Agreed with most of it.
The French really were quite stupid. And if you look a bit farther back, Germany and France had been doing these harsh reparations with each other for a long time after their various conflicts. Wilson was trying for a good settlement to the issues, but the European (especially Clemenceau) leaders wanted to be harsh.
On the Japanese attack on the US, the US did the oil ( and steel and other "strategic" items ) embargo because Japan had invaded China.
Japan knew another way to get the o
Re: (Score:3)
The neutrality thing doesn't work well unless you arm yourself to the teeth to back it up, the way Switzerland did (and still does). Back in WWII times, they had all their bridges rigged with explosives in case of German attack, there were anti-aircraft cannons hidden in barns, and of course the entire male population is issued a rifle and trains in the militia.
If you declare yourself to be neutral and non-violent, someone is just going to come in and walk all over you at some point.
Re:Their loss (Score:4, Insightful)
As Somalia shows very well, when central government becomes too weak to maintain control, warfare simply moves down to tribal/criminal/corporate level.
Re: (Score:3)
Is it racism to be concerned that our military is using computer parts that can't (or won't) be produced at home?
If we had to go to "total war" tomorrow like we had to after Pearl Harbor I think we would be in pretty big trouble if our enemy was from the east and all of a sudden our constant shipping was gone. If we Americans are so damn expensive and corporations are at their height of greed and power we've pretty much forgotten how to do that manufacturing.
Because if you just buy Apple computers the problem magically gets solved? Aren't Macs produced in China? What about other companies (HP, Dell, etc.)? Which of them still produce the entire laptop (motherboard, RAM, SSD/HDD, etc.) in the US?
Re: (Score:2)
There are 4 questions in my comment. You decided to answer the sarcastic half. Could you please focus on the second half of the comment, the part of some actual interest?
Re: (Score:3)
Re: (Score:2)
How do we remain a sovereign nation without Mfg? (Score:2, Insightful)
We dispense with the messy and "expensive" tasks of manufacturing and delegate to the lowest cost labor force. Makes sense until one needs to be able to defend oneself. Once war does not make financial sense, we might be OK. Not sure if we can count on that though.
Re:Their loss (Score:4, Insightful)
Is it racism to be concerned that our military is using computer parts that can't (or won't) be produced at home?
No, which is why the US government should only use US-made computers, made with only US-made components.
Oh wait, there is no such thing. But that's OK, they can pass such a law, and since no computers or electronics are actually made in the US any more, the US government can just go back to using pencils and paper (no copy machines either, since those aren't US-made either).
Not likely (Score:5, Insightful)
However if the Chinese are ever coming for the USA, it will be through the courts with a small army of debt collectors.
Cute sound bite but the US has the Chinese over a barrel here. China has bought about $1.1 trillion dollars of US debt which is about 9% of total US debt. (Japan has a similar amount and total foreign debt obligations are around $5.8 trillion.) Most of this debt was purchased to maintain the yuan's peg to the dollar in order to keep their exports cheap. (A weak currency helps exports.) Exactly how do you propose the Chinese force the US to pay? The courts can't force the US government to do a thing. They can't sell the debt to someone else. No one else wants or could buy that much debt. If they let their currency get stronger (buys more dollars per yuan) then it hurts their exports by making them more expensive abroad. Since their economy is heavily export based, any action they could take carries a strong probability of badly damaging their economy. No, the Chinese are in a tough spot. They have lent a lot of money to the US to keep their currency cheap and to ward off currency speculators. There is no way they could collect in a short time without a mushroom cloud appearing over their economy.
When you owe the bank a little money, you have a problem. When you owe the bank a lot of money, the bank has a problem.
China has limited leverage (Score:5, Insightful)
I'll make this one easy on you
Gee thanks. I'm really glad I have you to explain this to me since I merely have a master's degree in finance and am a certified accountant with 10 years experience in global sourcing. Good thing I have smart people like you to explain how currency trading works. [/sarcasm]
Defaulting on even a small amount of debt to China would collapse this system and US and world economy would not survive the fallout
The US doesn't have to default on the debt. That was the whole point. China will get paid in due time and they have very little leverage over the US regarding when and how. China bought that much US debt because they had to, not because they particularly wanted to. The notion that China now "owns" the US, or that they could take the US to some court over the matter is just nonsense. China (probably rightly) regards US debt as a safe investment but China is in a much more precarious position than the US even without the exercise of some fiscal nuclear option.
Sigh, someone else who doesn't understand debt (Score:5, Informative)
Seriously people, take a little time to hop on over to the US Treasury site and learn a little about US debt instruments. It isn't hard, they'll explain it all, and even sell them to you directly if you want some.
So, this is not a loan shark situation, where the US goes to China and says "Please give us some money!" and China says "Ok you can have money, and at some point, you don't know when, I'll come and collect and you don't know how much for." Rather the US auctions off securities, bonds, notes, etc, and China chooses to buy some. They are sold to the highest bidder, which in this case means the entity that bids the interest rate down the lowest.
Now some things to note about them:
1) They pay out in US dollars. They are not denoted in foreign currency, they are in US dollars, meaning they have value only if the dollar does, and their value is dependent on the dollar.
2) They pay out only after a given period. There is no provision to call in the money early. They have a defined cycle depending on what you buy. Some t-bills have a maturity date as short as a couple weeks, some bonds a maturity date as long as 30 years. They pay out the principal only when they mature, not before (bonds pay out interest every 6 months). The only way to get money early is to sell them to someone else who wants them, for a price that group is willing to pay.
3) They aren't physical things you have, they are just entries in a computer at the treasury. They are completely under the control of the US government and if you did something that allowed them to seize your assets, there is fuck all you could do to stop it.
So no, China can't come "through the courts with a small army of debt collectors." Their case would be dismissed in summary judgement and they'd be charged court costs. You can't sue the government to try and get them to pay out their treasury securities early as it is EXPLICITLY stated that they pay out only at a given time. You can't demand they pay you in another currency, as they are sold in US dollars. You can't act as though they took your money without you knowing as you had to go and bid on them.
Seriously, none of this is a big secret or complex. Go look it up. Go participate in it, if you like. Treasurydirect is the government's site for individuals to buy securities. You can participate in the auctions and buy government debt for yourself, if you wish. Just don't think you can then run down to the court house and demand the government pay you. The terms of your payment are explicit up front. If you don't like it, don't buy.
Re: (Score:3)
Re: (Score:3)
CPU manufacturing is still done in the west. Why? Patents, commerce barriers on exporting leading edge lithography tools to China. The rest has moved to Asia a long time ago. DRAM and Flash is nearly all South Korean. The other chips are designed in the US, Europe, or Asia, but nearly invariably manufactured in Asia in companies like TSMC. The motherboards are assembled in China. The computers are assembled in China too.
Re: (Score:3, Insightful)
Re:Their loss (Score:4, Interesting)
Not Capitalism, it's the "American way".
If you can't make a better product, get the other one banned or tie them up in litigation.
Re:Their loss (Score:5, Insightful)
Re:Their loss (Score:5, Insightful)
Worse is yet still to come. Given the extent of backdoors, data sharing and data sniffing as has been exposed during the last couple of weeks a lot of service providers in the US may suffer a similar fate. All these service providers operate on trust and trust is at an all time low.
Now all I have to say when a customer/PHB talks about "cloud" is to counter their BS bingo with "trust". And trust is easier lost than earned.
The intelligence community in the US, UK and Europe have managed to sow the seed of distrust into everything that is connected to the net. While Joe Public doesn't seem to care, those who do have to care will think twice. The new bonanza will be security/privacy technology while the clouds disperse in the corporate sector.
Re:Their loss (Score:5, Funny)
Indeed. I was trusting the NSA to backup all my data, and now they cannot even find their own emails. I guess I'll have to do my own backup, after all. ;-)
Re: (Score:2)
Indeed. I was trusting the NSA to backup all my data, and now they cannot even find their own emails. I guess I'll have to do my own backup, after all. ;-)
Comedy gold.
Re: (Score:3)
I think the Chinese probably have a lot more to fear from using American technology than the reverse.
Bullshit. When was the last time, no. Make that: when have you ever heard of a vendor loading its network hardware with gear that spies on behalf of the U.S. government? Not that those fuckers don't spy too, but they're a lot more up front about it. "Yeah, we have all the details about every phone call, text, and web search you've ever made. What are you gonna do about it?" Still, that's a far cry from embedding surveillance functionality in my laptop.
Re: (Score:3)
Exactly. I see a near future in which Asian countries will no longer trust US, UK and Western-built equipment.
This has already begun. Indonesia and a few other countries have already started banning US and UK services and products.
Re:Their loss (Score:5, Insightful)
PRISM: Microsoft, Google, Apple... Need I elaborate or is it sufficient to say that the US government is in the spying business and the Chinese will be doing themselves a favor by banning US products and services?
Re: Their loss (Score:5, Insightful)
Uhhh, Stuxnet comes to mind
Re: (Score:3, Insightful)
...bit of racism...whatever. I find it funny that you point out the US in your comment, but totally ignore the other big countries also banning Lenovo...
sounds like you're anti-US (since we're throwing out generalizations).
Re: (Score:2)
What part on a non-Lenovo (or earlier non-IBM) laptop is not replaceable? Every laptop I've owned that has had something break I've been able to find a replacement part for it.
Presuming you're talking about factory service type of work, it's not exactly like you're swapping out individual components on circuit boards. Modern laptops aren't that much more than a
Re: (Score:3)
Not really. I am an old aficionado of the Thinkpad brand. When Lenovo bought the brand I got a T61p which died prematurely after the guarantee expiration. The problem was with the Nvidia graphics processor and it wasn't replaceable. The whole system board needed to be replaced at a price much higher than a brand new laptop. I did remove every part in this laptop and it wasn't as easy as it once was with older Thinkpads and other brands from the Big Blue.
I believe the Thinkpad brand is slowly changing an
Re: (Score:2)
Sounds like another fear of the boogeyman and more racism are really going to hurt the US in the long run.
Here, I fixed that for you.
Re: (Score:3)
When you are dealing with sensitive information, you err on the side of caution. You would have to be a complete moron to do otherwise.
The US? (Score:2)
I wasn't aware the US had annexed Canada, Australia, New Zealand, and the UK. ...or are you just trying to spin something as anti-US when really it is a collection of nations?
Re:Their loss (Score:4, Insightful)
I am not sure why you just don't test the device. Every device if security is that big of a concern.
I mean it is a freaking man made computer not a Magic Box.
Plug it into an isolated network that looks like a WAN connection with some honey pots. And see what the heck it is sending with some simulated use. You can check the hardware to see what type of wireless transmitters it has installed. Put it in a Faraday Cage and monitor what stuff it is sending out wirelessly.
Also if security is a concern. Why would you leave the default image that came with the PC, you should do a clean install of your "trusted" OS with the software you want.
Besides, if the Chinese want to spy on us, they don't need to send us computers with hacks in them. Most IT departments are so incompetent (usually upper middle management who is unwilling to pay for the necessary upgrades until there is a problem) that they will leave gaping holes to get in.
While Think Pads are Black Boxes, there isn't anything magical about them. They are boxes that happen to be black, with normal PC stuff in them and compared to other models much easier to disassemble and have every part checked out.
I would be more worried about your smartphone. This thing sends stuff wirelessly by design. And its relatively slow processor means security holes may be in the system as a trade-off to get a little extra performance out of it.
Re: (Score:3)
Why do you assume the spy software would be turned on during that testing? Have the software do nothing for the first 6 months of operation, and your tests will not reveal it.
Why do you assume the spy software is installed on the hard drive, where re-imaging might eliminate it? There's lots and lots of other places to put code that will be executed by the processor.
Tip: The folks at the NSA and other nation equivalents that come to the conclusion in TFA are not morons.
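The isolated-network test proposed above and the dormancy objection raised in the reply, shown together as an added example that is not part of the original posts: a Python triage of egress flows recorded from a device under test. The lab allowlist, addresses, ports and timings are constructed assumptions.

```python
"""Triage egress recorded from a device under test on an isolated lab network."""
from collections import defaultdict
from statistics import mean, pstdev

# Services the lab deliberately simulates (assumed: DNS, NTP, update mirror).
EXPECTED = {("10.0.0.53", 53), ("10.0.0.123", 123), ("10.0.0.80", 443)}

# Constructed capture: (seconds since power-on, dest IP, dest port, bytes sent).
SAMPLE_FLOWS = (
    [(t, "10.0.0.53", 53, 70) for t in (5, 40, 312, 1900, 7300, 9100)]
    + [(t, "10.0.0.123", 123, 48) for t in range(0, 14400, 1024)]
    + [(600, "10.0.0.80", 443, 2_400)]
    # Small, regular uploads to an address the lab never advertised.
    + [(t, "203.0.113.7", 443, 180) for t in (3601, 7199, 10802, 14400)]
    # One large transfer to a second unknown address.
    + [(8200, "198.51.100.20", 8080, 512_000)]
)


def group_unexpected(flows, expected):
    """Group flows whose (ip, port) is not on the lab allowlist."""
    by_dest = defaultdict(list)
    for t, ip, port, nbytes in flows:
        if (ip, port) not in expected:
            by_dest[(ip, port)].append((t, nbytes))
    return by_dest


def is_periodic(times, min_events=4, max_cv=0.1):
    """True when inter-arrival gaps are nearly constant (beacon-like timing).

    Uses the coefficient of variation of the gaps; needs several events
    before it will call anything periodic.
    """
    if len(times) < min_events:
        return False
    ts = sorted(times)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    return avg > 0 and pstdev(gaps) / avg <= max_cv


def triage(flows, expected=EXPECTED):
    """Return one finding per unexpected destination, sorted by destination."""
    findings = []
    for (ip, port), events in sorted(group_unexpected(flows, expected).items()):
        times = [t for t, _ in events]
        findings.append({
            "dest": f"{ip}:{port}",
            "connections": len(events),
            "bytes_out": sum(n for _, n in events),
            "first_seen": min(times),
            "periodic": is_periodic(times),
        })
    return findings


def triage_window(flows, until, expected=EXPECTED):
    """Triage only what a test that stopped at `until` seconds would have seen."""
    return triage([f for f in flows if f[0] <= until], expected)


def observed_window(flows):
    """Length of the capture in seconds; a clean result covers only this span."""
    times = [t for t, *_ in flows]
    return max(times) - min(times)


if __name__ == "__main__":
    print(f"capture covers {observed_window(SAMPLE_FLOWS)} s")
    for label, result in (("first hour only", triage_window(SAMPLE_FLOWS, 3600)),
                          ("full capture", triage(SAMPLE_FLOWS))):
        print(f"\n{label}: {len(result)} unexpected destination(s)")
        for f in result:
            kind = "periodic" if f["periodic"] else "one-off/irregular"
            print(f"  {f['dest']:<22} {f['connections']} conn, "
                  f"{f['bytes_out']} B, first at {f['first_seen']} s, {kind}")
```

On this sample the first hour shows nothing outside the allowlist while the full capture shows two destinations, so the report should always state the observation window alongside the findings.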
Re: (Score:2)
Hurt "the US"? What the heck are you talking about? Given the scale the PCs are deployed at, nobody repairs them. Nobody. I mean we're talking less than 1 in 1000 PCs ever being repaired, even if it'd be a software repair only! Even PCs that have fully functional hardware are thrown away because they "become slow and crash often" - read: they are malware infested, nothing wrong with the hardware at all.
It's being deluded to think that the repairability of the PC affects anyone but the geeks and data center
Re: (Score:3)
Given the scale the PCs are deployed at, nobody repairs them. Nobody. I mean we're talking less than 1 in 1000 PCs ever being repaired, even if it'd be a software repair only!
Where the hell do you work? I work for a company that makes PC Lifecycle Management software (amongst other things). I'm in contact with many IT guys at many companies across many verticals. They re-image all the time. Replace bad RAM, bad drives. Replace cracked displays, replace coffee-filled keyboards... On and on. No one ha
Re:Their loss (Score:4, Insightful)
I have 4 ThinkPads, and wish you hadn't used 'racism', as it negates most of what you said. There's lots of hacking going on from China, targeting Boeing and Lockheed Martin. And most wouldn't put it past their government to do what's "necessary" to catch up to the west, and the Chinese government has lots of control over their corporations. So it isn't outlandish to be concerned about the hardware placed in sensitive areas.
I think it's more of a boogeyman and fearmongering to start calling people/nations racist.
Re: (Score:2, Interesting)
Hmmm. The fact that most (or all) Lenovo chief executives are Communists is not a legitimate concern?
Not really. I live in a part of the world where we aren't blindly taught that communist = evil, just as we aren't taught that corporations = evil.
If you can prove that the Lenovo chief executives are psychopaths then I might be concerned, but the competition doesn't really have a good track record so the alternative might be to not have a laptop at all.
Re: (Score:3, Interesting)
Re: (Score:3)
More specifically Taiwan is racially dominated by (Han) Chinese people (98% according to Wikipedia [wikipedia.org]). The USA typically has little problem with dealing with the Taiwanese or the other way round. Same goes for Singapore.
This is really about other things. The obvious stuff about China becoming a threat to the USA's dominance, but to a greater extent the real fact that China represents a threat to many people who live in the area nearby who then support and allow the USA to come in to the area. What the C
So instead? (Score:5, Insightful)
Re:So instead? (Score:5, Insightful)
Having components from China is very different from having the entire machine, or at least key parts that can phone home, from China. They don't give a damn if your capacitors or even the entire DVD drive are from China.
Re: (Score:2, Insightful)
Not easily (Score:4, Interesting)
The motherboard may be made in China but the components are not. The chips are largely American in manufacture (most of them are Intel). Now I suppose the company making the motherboards could add a chip, but, well, that would kinda be noticed during the QA process by the company that ordered them. It isn't like you get parts from a Chinese manufacturer and just slap them in a unit sight-unseen. Not because of worries about spying but because quality control with Chinese companies can be... problematic. You have to test the parts and send back the failed ones (1%ish usually, sometimes more).
In terms of BIOS/UEFI? That's all Phoenix Technologies and American Megatrends. They are in California and Georgia respectively.
Re: (Score:3)
Most western-designed machines also have final assembly in China, in addition to the components mostly being made in China. For example, HP assembles many of its laptops in Chongqing in a joint facility [bloomberg.com].
There might be some difference, since the design is done by HP, and they oversee the production to try to ensure it's in accordance with their design. I'm not sure how much of a barrier to slipping something in that provides, but it might be nonzero.
Re: (Score:3)
That explains why Apple is moving some Macs to be Made in the US. And not just "Assembled in the US" either - the new forthcoming Mac Pro is supposed to use a lot of US manufacturing. About the only Chinese components would be sold in component form - the PCB, chassis and assembly are all to be done in the US so it actually qualifies as "Made in the USA" and not just "Assembled in the USA".
Re: (Score:3, Interesting)
HP doesn't manufacture in China or use components from others within their systems that are manufactured in China?
I doubt that.
How would we know? (Score:2)
No evidence has yet been presented to back the claims...
Is it fearmongering?
Or is there some legitimate basis for the ban?
How would we know whether or not evidence exists? All we know is that we haven't seen any. Time will tell. If no evidence is presented in the next month or so, then we'll know that it's just fearmongering, and not a legitimate basis for a ban.
Re: (Score:3)
Just because there's no evidence doesn't mean something isn't true. There's no evidence of life currently on Mars, but that doesn't mean there definitely isn't life on Mars. A lack of evidence just means a lack of ability to prove something one way or another.
Welcome to Cisco and MS's future... (Score:5, Interesting)
The problem is the credible fear of a lifecycle attack is sufficient to require that such hardware be avoided. There is a reasonable fear that the Chinese might try something using Lenovo kit, therefore the classified networks need to avoid it. It's the same reason why Huawei networking hardware is avoided in some circles.
Of course, with the NSA now clearly off the leash, US IT equipment is now in the same position. Microsoft clearly backdoored Skype to enable easy wiretapping, the NSA is reportedly hacking foreign networks to introduce monitoring (who knows, perhaps it was the NSA responsible for the Athens Affair [ieee.org]?), and with any US Cloud service provider subject to PRISM-style requirements, US IT infrastructure is now in the same boat that the Chinese have been struggling with for years now.
Re: (Score:3)
It's also the future of every US based cloud service provider. As much as US trade reps around the world want to whine about how unfair it is that people in other countries avoid American service providers, it's only going to get worse. The US government is the worst enemy of those companies.
New Cold War (Score:4, Insightful)
The new cold war will be electronic and China has already proven that they are willing to do whatever is necessary to stay ahead there.
This isn't racism, this is a forward looking policy that's saying when, not if but when, we start finding Chinese backdoors in our equipment, they won't be in our sensitive areas.
The down side is that even if our equipment says made in the USA, it means assembled. Most of the parts will have been manufactured in China.
Re: (Score:2)
...China has already proven that they are willing to do whatever is necessary to stay ahead there.
They aren't ahead, hence the spying.
Re:New Cold War (Score:5, Informative)
"Made in the USA" does carry a specific legal meaning and is different than "Assembled in the USA"
http://business.ftc.gov/documents/bus03-complying-made-usa-standard [ftc.gov]
In that case... (Score:2)
Re: (Score:3)
Most of that 200MB has nothing to do with drivers. Do what anyone in IT does if that 200MB download is the only driver package available... download it, open the executable up with your favorite ZIP program and extract just the folder containing the actual print drivers. You don't need the rest of the software for printing.
Re:In that case... (Score:4, Informative)
Unlike most US companies, the Chinese government owns the largest share (38%) of Lenovo's parent company Legend which owns the largest share of Lenovo (34%).
FYI it was the British and Australian defense and intelligence communities that discovered malicious modifications to Lenovo's circuitry. Just in case you actually believe that the US intelligence was proactive for once, it was the British intelligence findings that encouraged Congress to react.
Awww, but that's no fun! (Score:2)
You ruined his perfectly good "hate on the US" session! After all, clearly the US is the bad guy if they are doing this. The other countries must have good reasons and/or are just US puppets, it is the US that is evil!
It is amusing how two posters in this thread so far have tried to spin this into an anti-US rant, when it is rather something happening in a number of nations. On Slashdot, it seems to continue to be trendy to hate on the US, for any or no reason at all.
Next in line to get banned (Score:2)
Microsoft and Cisco.
What's the question? (Score:2)
If there is no evidence, then yes it is scaremongering. Stuxnet and spying on their own civilians, well for that there is evidence.
Why do the heavy lifting yourself? (Score:2)
All the Chinese need to do is gain access to the NSA backdoors that are in all versions of Windows... That would be far more efficient.. and undoubtedly they already have..
More Likely ... (Score:2)
Someone important's cousin just bought the competition to Lenovo.
What a load of crap (Score:5, Interesting)
There isn't a single US manufacturer of motherboards any more; that would be the most sturdy place to insert any nefariousness (at least, nefariousness by the PC manufacturer.) Who knows where BIOS code is written these days; but I doubt it's the US.
Not to mention the whole stack of drivers you need, like those for on-board peripherals. It'd be just as easy to put a back-door in a Windows I/O driver as it would the BIOS.
Re: (Score:3)
"It'd be just as easy to put a back-door in a Windows I/O driver as it would the BIOS."
Much easier actually, trivial drivers are often quite bloated and there is plenty of space to hide stuff in. BIOS spaces still tend to be tighter and get more scrutiny.
Suspicious kettles and pots (Score:5, Insightful)
Well now, it's been my keen observation over the years that people suspect of others the same nefarious behaviour that they indulge in themselves or would do given the opportunity. I am sure that there exist proposals to have Cisco/Juniper/Akamai network gear do more than is advertised.
Knowing that the Western intelligence services would do (are doing??) what Lenovo & Huawei are suspected of is enough to have those companies banned, at least in CIA/NSA thinking.
It's difficult enough to keep malware out of the network as it is without providing an easy doorway.
eg: stuxnet
However, if evaluation of the policy to ban Lenovo were up to me, I would do a serious risk evaluation and compare Lenovo to others such as Dell. Truth is that state sponsored malware could be introduced at many levels including embedded firmware in say, network or video chipsets.
I suspect that the multinational component sourcing makes banning Lenovo analogous to plugging a small hole in a screen door while leaving all the windows open.
One easy solution (Score:2)
To find your answer, what brand are the paranoid Chinese using?
Simple, right?
Strong reputation? (Score:4, Informative)
Dell has always had excellent service, over the past 10 years or so I can probably count the number of times they didn't have a hardware problem fixed the next business day on one hand. It also seemed like we had a higher incidence of problems with the Lenovo systems. We bought maybe 20 of them and of that 20 probably half had to have their system boards replaced because a USB connector snapped off.
TSMC (Score:3)
This seems to be about politics and/or irrational fear. Components for modern laptops are sourced from all over the world any number of which could be capable of any number of wicked things. If your goal is to mitigate risk from foreign governments then simply picking a new laptop vendor is not an effective solution.
Why not produce your own computers on the NSA fab? You know...put it to use for something other than spying on your own people.
Re:but... (Score:4, Funny)
Windows can be very solid with some tweaking and only running trusted apps. It's when you open it up to third party software and drivers that haven't been thoroughly tested that you really run into issues. Sure, it's possible to get a BSoD regardless of what you do, but it's also possible for Linux or OSX installs to break too.
Re:Nothing new (Score:4, Insightful)
Costs are higher, but Americans are being employed and paid with tax money. Sounds like a better approach than shipping it directly to someone else's economy.
Re:Hmmm... (Score:5, Funny)
They're only worried about back doors, not back windows. There's no way the Chinese could sneak fat American secrets out through a window.
Re:[Citation Needed] (Score:4, Funny)
The official statement is as follows:
[REDACTED]
Re: (Score:2)
You'd have to be really close to the equipment to detect that. Put it inside a Faraday room and your advantage is gone.