David Kirkpatrick

February 12, 2010

Can China’s computer manufacturing industry be trusted?

A very good question, and the current answer is a bit unsettling.

From the link:

Is it safe to buy Chinese-made computer equipment?With Google and the National Security Agency now teaming up to investigate supposed Chinese hacking and most of our PC hardware coming from China, it’s a fair question. And a hard one to answer with certainty.

It is made more urgent by a report in the Sunday Times newspaper that Chinese spies in the U.K. have been handing out bugged memory sticks and cameras to targeted businesses in an attempt to steal the companies’ intellectual property.

Headlined, “China bugs and burgles Britain,” the story quotes a classified report from MI5–their equivalent of our CIA–and says, “The gifts–cameras and memory sticks –have been found to contain electronic Trojan bugs which provide the Chinese with remote access to users’ computers.”

My friend, security blogger Steven J. Vaughan-Nichols, yesterday posted an item suggesting it wouldn’t be too difficult for Chinese PC manufacturers to build backdoors into their products and use them to spy on pretty much anyone.

“If China’s government really is hell-bent on keeping an eye on American and European businesses, why not just incorporate 21st century backdoors into their products? Then, you could just have them automatically call home to do a data dump of documents. If there’s anything interesting in the files, it can be set to monitor its user on a regular basis,” Vaughan-Nichols wrote.

“There’s nothing difficult about doing this. Not only are backdoors easy to create, running an automatic check for words of interest, even in terabytes of documents, just requires some servers. After all,Google does it every day with far more data than such a plot could ever uncover.”

1 Comment »

  1. Can i say ive been thinking about the exact same thing, China could build a hardware fault which could be exploited, if it was purely on a hardware level and had no interaction with the software layer, it would be very hard to detect especially if it didnt use any standard packet technology like tcp, it would be virtually impossible to catch, Externally it may be able to be monitored but if they were to do it im sure its complex enough to bypass many detections. I think this is a very valid concern, one im sure is or has been investigated the question is if they find something what can they do about it? IF they find its on millions of computers currently out there what could you do?

    Comment by Peter james — July 3, 2011 @ 9:02 am


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: