Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Can You Trust Chinese Computer Equipment?

kdawson posted more than 4 years ago | from the or-anybody's-really dept.

Security 460

Ian Lamont writes "Suspicions about China slipping eavesdropping technology into computer exports have been around for years. But the recent spying attacks, attributed to China, on Google and other Internet companies have revived the hardware spying concerns. An IT World blogger suggests the gear can't be trusted, noting that it wouldn't be hard to add security holes to the firmware of Chinese-made USB memory sticks, computers, hard drives, and cameras. He also implies that running automatic checks for data of interest in the compromised gear would not be difficult." The blog post mentions Ken Thompson's admission in 1983 that he had put a backdoor into the Unix C compiler; he laid out the details in the 1983 Turing Award lecture, Reflections On Trusting Trust: "The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."

cancel ×

460 comments

Sorry! There are no comments related to the filter you selected.

Another reason (3, Insightful)

AnotherUsername (966110) | more than 4 years ago | (#31035168)

This is just another reason for me to not want to buy Chinese made goods. Unfortunately, so much is made in China that it is nearly impossible to completely avoid the country.

Re:Another reason (5, Interesting)

Spazztastic (814296) | more than 4 years ago | (#31035192)

This is just another reason for me to not want to buy Chinese made goods. Unfortunately, so much is made in China that it is nearly impossible to completely avoid the country.

Some component of your car, cell phone, computer, etc. is going to be made in China. I have a feeling eventually they will catch on that people aren't buying Chinese made stuff and will just put stamps on it from their more friendly neighboring countries.

Re:Another reason (5, Insightful)

TubeSteak (669689) | more than 4 years ago | (#31035296)

I have a feeling eventually they will catch on that people aren't buying Chinese made stuff and will just put stamps on it from their more friendly neighboring countries.

It's not as simple as "put stamps on it from their more friendly neighboring countries" when those neighboring countries do not have the high-tech industrial base to produce the hardware in question.

On a strategic level, the USA really screwed the pooch by chasing the lowest bidder and not building up our domestic capacity to produce these items. And for you small gov't types, this is an example of free market principles colliding with what is effectively a national security issue.

Re:Another reason (2, Insightful)

WinterSolstice (223271) | more than 4 years ago | (#31035494)

I couldn't agree more, but then I'm also a big believer in 'trust but verify'. It's worth noting, however, that paranoia is self-fulfilling. :D

I recommend just being careful, verify that your devices are performing safely (as much as possible) and taking your chances. There are really very few alternatives - you have to trust someone.

Re:Another reason (5, Insightful)

Rogerborg (306625) | more than 4 years ago | (#31035580)

You know that 2/3 of the phrase "trust but verify" is meaningless oxymoronic bullshit designed to mask the harshness of the only significant word, right? Like "strong but sensitive" or "sexy but geeky".

Re:Another reason (4, Insightful)

Spazztastic (814296) | more than 4 years ago | (#31035658)

You know that 2/3 of the phrase "trust but verify" is meaningless oxymoronic bullshit designed to mask the harshness of the only significant word, right? Like "strong but sensitive" or "sexy but geeky".

It's a good point, but that 2/3 of the phrase is what keeps the potential client from being insulted. The majority of business is sugar coating the harsh truth to keep people on your side and hopefully more of their money going into your wallet.

Re:Another reason (0, Offtopic)

wtbname (926051) | more than 4 years ago | (#31035748)

+1 Insightful

Re:Another reason (1)

ozmanjusri (601766) | more than 4 years ago | (#31035770)

I'm also a big believer in 'trust but verify'.

That's not possible with computers.

Another reason why I'd never use Windows, and why a diverse ecosystem of OSs is so important.

You may not trust Chinese made products, but more people have had identities stolen and bank accounts emptied as a consequence of using Microphone products than Chinese ones.

Re:Another reason (0)

Anonymous Coward | more than 4 years ago | (#31035502)

Please mod this post up!! We desperately need more analysis on these very pertinent, insightful and wholly true comments! Thanks.

Re:Another reason (2, Funny)

jeffmeden (135043) | more than 4 years ago | (#31035514)

But the free market would never lead us to disaster by chasing the lowest common denominator and exploiting our innately trusting human nature! I also don't see how a 'big government' is required to sufficiently instill the kind of nationalism that forces people to buy higher priced, locally produced goods.

Perhaps you have a newsletter?

Re:Another reason (2, Interesting)

tiberus (258517) | more than 4 years ago | (#31035550)

On a strategic level, the USA really screwed the pooch by chasing the lowest bidder and not building up our domestic capacity to produce these items.

It goes much deeper than that, too many Americans are overly litigiousness, not at fault and to desperately seek the almighty dollar. Corporations have gone off shore to seek lower cost materials and labor in pursuit of higher profits. You'll note nothing seems to get cheaper to the end user.

Sadly at this point in the game, what other options are there?

And for you small gov't types, this is an example of free market principles colliding with what is effectively a national security issue.

Free Market, pah. As the guy at the end of the supply chain, of mega-corporations, multi-nationals, world-wide supply chains and so on, I don't see the Free Market benefiting me. Profits are sought, exclusive agreements are penned and now it's nearly impossible to find American made electronics or even get a 1/2 gallon of ice cream at you local grocery.

Re:Another reason (5, Insightful)

BZ (40346) | more than 4 years ago | (#31035682)

> You'll note nothing seems to get cheaper to the end user.

Since we're talking about computer equipment, this is demonstrably false.

Re:Another reason (1)

Spazztastic (814296) | more than 4 years ago | (#31035704)

You'll note nothing seems to get cheaper to the end user.

Yeah, but you bet your ass that if they do manufacture locally they will advertise the shit out of it and charge you 30% more because of people who do buy only US made goods.

Re:Another reason (1)

Wyatt Earp (1029) | more than 4 years ago | (#31035638)

Yes, but with China those countries exist. China could stamp parts with Republic of Korea, Japan, Thailand, Taiwan, Malaysia, or Singapore since all those countries have manufacturing infrastructure in place now.

Re:Another reason (2, Funny)

Anonymous Coward | more than 4 years ago | (#31035798)

Once upon a time this happened to the Japanese. They started manufacturing things in Usa [wikipedia.org] and using capital letters on their packaging. It's easier than you think!

Re:Another reason (2, Informative)

Kugala (1083127) | more than 4 years ago | (#31035304)

They already do; counterfeit parts are a massive issue.

Re:Another reason (2, Interesting)

Spazztastic (814296) | more than 4 years ago | (#31035458)

They already do; counterfeit parts are a massive issue.

Yeah, someone I work with bought three T1 WICs (Cisco) for their SOHO. Two of the three were counterfeit.

I meant more in terms of someone putting the "MADE IN TAIWAN" stamp on a Chinese made part to trick people into thinking that it's from a country with a better reputation.

Re:Another reason (1)

lkcl (517947) | more than 4 years ago | (#31035432)

that's already happened :)

Re:Another reason (1)

purpledinoz (573045) | more than 4 years ago | (#31035568)

I find this an interesting issue, because the Chinese government has so much control over there, and they can probably order a company like Lenovo to install some spy chip on there. Without looking at the motherboard, it would be difficult to detect. I think it would be difficult to do a company like HP. Any additional chip means additional cost, and HP would notice this right away. It would have to be a company that collaborates in the design stage.

Re:Another reason (1)

Spazztastic (814296) | more than 4 years ago | (#31035600)

I find this an interesting issue, because the Chinese government has so much control over there, and they can probably order a company like Lenovo to install some spy chip on there. Without looking at the motherboard, it would be difficult to detect. I think it would be difficult to do a company like HP. Any additional chip means additional cost, and HP would notice this right away. It would have to be a company that collaborates in the design stage.

They have so much control they could just pay off the workers to do it when someone isn't watching. They already run the factories overnight on a "second shift" and print out the counterfeit goods. That's how the Cisco counterfeit stuff is produced.

If you want to know about how to spot the fake Cisco stuff for those CCIE/CCNA/CCNP guys out there, check out this article on a reseller site (that I use): http://www.usedcisco.com/used_cisco_identifying_fake_chisco [usedcisco.com]

Re:Another reason (5, Insightful)

networkBoy (774728) | more than 4 years ago | (#31035838)

It's not that it is an additional chip, it is a different chip all together.

For example:
the ICH (southbridge) on your system likely handles the following things for you:
keyboard/mouse
USB
IDE
SATA
FireWire
Lan on Motherboard
Boot from BIOS
WebCam

Using an ARM/ARC/MIPS core + SRAM added to the circuit of the ICH and fabbed as a "special item" one could conceivably manufacture motherboards with a larger than spec flashrom (to hold NVRam data for the extra proc) and so long as your system was on (possibly even "off" but plugged in if you can make it low enough power to run on standby voltage) you can datalog nearly anything.
Parse the data for the interesting bits and store that to a hidden file on the HDD (since you're the controller for the HDD this should be trivial, no one will miss 1 meg of sectors you've marked bad).
When you have an internet connection SSH over to your drop server (you run the ethernet MAC remember) and unload your stash.

Really not all that far fetched and as long as the government pays for it (the fab of chips) you can sub these into assembly and not even no there was something wrong on the system even with a physical inspection.

Re:Another reason (3, Informative)

Anonymous Coward | more than 4 years ago | (#31035238)

You can buy stuff made in the USA.. You just have to look harder and spend just a bit more.
You can also buy from Europe, their quality is much better than Chinese anyway

Re:Another reason (1)

shugah (881805) | more than 4 years ago | (#31035306)

It's often difficult to determine where something is really made. Components and firmware come from china, final assembly in US, etc.

Re:Another reason (4, Interesting)

Thud457 (234763) | more than 4 years ago | (#31035328)

AFAIK, this [homebrewcpu.com] is the only CPU still made in America.

Re:Another reason (2, Insightful)

ElectricTurtle (1171201) | more than 4 years ago | (#31035450)

Intel has several fabs in the US, and AMD's spun off fab company Global Foundries is building a US fab. Even the very Chinese (insofar as Taiwan is Chinese) TMSC has a fab in the US.

Re:Another reason (1)

TheKidWho (705796) | more than 4 years ago | (#31035452)

Yes, except for all of those x86, PowerPC and ARM CPUs produced in the USA.

Forget about the military CPUs.

Re:Another reason (2, Funny)

lxs (131946) | more than 4 years ago | (#31035690)

Weaksauce. He uses ready-made logic gates. Have him build a CPU out of discrete BC547 transistors and I'll be impressed.

Re:Another reason (2, Informative)

Wyatt Earp (1029) | more than 4 years ago | (#31035746)

As others are pointing out, thats just BS.

http://www.intel.com/pressroom/kits/manufacturing/manufacturing_qa.htm#1 [intel.com]

Fab production sites within the United States are located in Chandler, Ariz.; Santa Clara, Calif.; Colorado Springs, Colo.; Hudson, Mass.; Rio Rancho, N.M.; and Hillsboro, Ore.; and outside the United States in Leixlip, Ireland; Jerusalem, Israel; and Kiryal Gat, Israel. Two new fabs are under construction at existing sites in Arizona and Israel.

The company has six assembly and test sites worldwide and is building a seventh, all of them outside the U.S. Assembly and test sites outside the United States are located in Shanghai, China; Chengdu, China; San Jose, Costa Rica; Kulim, Malaysia; Penang, Malaysia; and Cavite, Philippines. An assembly and testing site in Ho Chi Minh City, Vietnam, is under construction. There is one testing facility and one assembly development facility inside the U.S.

http://en.wikipedia.org/wiki/GlobalFoundries [wikipedia.org]

It currently owns eight fabrication plants. Fab 1 (Module 1 & 2) is in Dresden, Germany. Fabs 2 through 7 are in Singapore, and a new plant, Fab 8, will be operational in New York in 2012.

Re:Another reason (1)

ElSupreme (1217088) | more than 4 years ago | (#31035766)

Magic-1 seems to be slashdotted.

Re:Another reason (1)

OrangeTide (124937) | more than 4 years ago | (#31035790)

There are lots of American made CPUs and RAM and Flash on the market. And yet it is competitively priced because that kind of stuff doesn't really have much labor cost.
There are only a few US based motherboard manufacturers though (Supermicro being one of them).

Goods that are made in China to the specifications of foreign companies would be a lot harder to insert rogue firmware into, motherboards are a great example because while they are built in China/Taiwan the design and BIOS is generally done closer to the company's headquarters. (take Intel's motherboard division for example)

Not really. (1)

mbessey (304651) | more than 4 years ago | (#31035540)

I just did a quick survey of all the computer equipment in easy reach from my office chair:
        Mac Pro computer - built in China
        Apple Keyboard: Made in China
        Wacom digitizer: Made in Japan
        Logitech Speaker: Made in China
        iSight Camera: Made in China
        Vakoss USB Hub: Made in China
        Apple Cinema Display: Made in China

Slightly skewed due to all the Apple equipment, but none of the top 4 PC manufacturers builds much of anything in the US or Europe anymore. This skips over the fact that there are components inside the computer from a number of different manufacturers. A lot of these sub-components contain firmware loaded in Chinese factories, as well.

Re:Not really. (1)

Wyatt Earp (1029) | more than 4 years ago | (#31035796)

Except for the CPUs in those Mac Pros are made in the US, Ireland or Israel (chances are US made). Same with the CPUs in the Xboxes, PS3s and Wiis.

Re:Another reason (1)

Ukab the Great (87152) | more than 4 years ago | (#31035572)

Cheapness tends to inhibit bean-counters' higher brain functions.

Re:Another reason (0)

Spewns (1599743) | more than 4 years ago | (#31035622)

You can also buy from Europe, their quality is much better than Chinese anyway

Proof please. And also proof about how American products are superior to Chinese products. I don't believe a word of it. I think it's typical paranoia, xenophobia, propaganda, etc., just like this article.

Re:Another reason (2, Insightful)

Yaa 101 (664725) | more than 4 years ago | (#31035332)

US goods are riddled with backdoors too, I think it is much healthier for you to mistrust your own government apart from the Chinese one.

Re:Another reason (1)

benjfowler (239527) | more than 4 years ago | (#31035374)

So it's all right for the Chinese to do what they please then.

Just claim that everyone else is doing it, or claim that they're a "developing" country, and therefore shouldn't be held to the same standards as everybody else.

Re:Another reason (4, Insightful)

TheLink (130905) | more than 4 years ago | (#31035416)

The Chinese Government is unlikely to be interested in spying on US citizens (or taking control of their computers). They'll be spying on their own citizens.

Similarly, the US Government is more likely to spy on US citizens.

Re:Another reason (0)

Anonymous Coward | more than 4 years ago | (#31035474)

Never trust government (US, Chinese, British, doesn't matter who, don't trust them) however one thing to consider is that in most places the government doesn't do the manufacturing nor have control over it. In the US at least what is left of the manufacturing is controlled by the corporations not the government. If I understand what communism is, the businesses are actually run and controlled by the government. We can argue all day long about if the Chinese are actually communistic or not but the point is that they claim to be. Which type of government do you think has more control over the products and can insert more back doors?
How many of these backdoors are implemented by the government verse the cooperation? I don't trust microsoft products for that reason and it has nothing to do with the US government.

Re:Another reason (2, Funny)

vurian (645456) | more than 4 years ago | (#31035732)

Never trust business -- big, small, internation, whatever, doesn't matter who, don't trust them. You didn't elect them, they don't represent you, they are out to screw you. And never trust a neighbour -- they don't own what you have, and want it. Make sure you get theirs first. Never trust your parents, or your children. Never trust yourself, even. Never trust! Trust me, you know it makes sense.

Re:Another reason (1)

Trigun (685027) | more than 4 years ago | (#31035850)

"If I understand what communism is, the businesses are actually run and controlled by the government."

No, that's socialism. Communism is where people are all equal in the fact that they all use their specialties and innate talents to contribute to the greater good. In a true communist society, there is no government. There may be people who speak for the group, but it is supposed to be speaking the general consensus.

Of course, as a realist you can see the issue with that, can't you?

What we currently call communist regimes are actually socialist, bordering on fascist. I don't think that the world has seen anything resembling the ideal of communism outside of the hippie communes that dotted the landscape in the 70's, or an abby or something of the sort.

Re:Another reason (2, Insightful)

toastar (573882) | more than 4 years ago | (#31035404)

Listen, Do you want a $200 Intel i7 made in China/Taiwan/Korea. Or you can Buy american and get a $1000 IBM chip made over at East fishkill.

oh and they're about the same speed.

Re:Another reason (3, Informative)

maxume (22995) | more than 4 years ago | (#31035528)

Intel is a terrible example, they do most of their chip fabrication in the U.S, with much of the rest of it done in Ireland and Israel.

They say they do 75% of their chips in the U.S.:

http://www.intel.com/pressroom/archive/releases/2009/20090210corp.htm [intel.com]

Re:Another reason (2, Informative)

TheKidWho (705796) | more than 4 years ago | (#31035536)

Yes, except for the fact that the i7s are produced in the USA.

Oh, and that IBM PowerPC isn't as fast as the i7 and won't run your x86 desktop applications. Different processors for different markets.

Re:Another reason (1)

TheKidWho (705796) | more than 4 years ago | (#31035702)

Sorry, I meant that i7s were produced in America, not the USA specifically.

Re:Another reason (1)

Sir_Lewk (967686) | more than 4 years ago | (#31035834)

Do my intel chips come with salsa then?

Re:Another reason (1)

astar (203020) | more than 4 years ago | (#31035560)

I wonder why you would be particularly concerned about china made goods, as opposed to usa made goods. There exists more data to say Microsoft puts in backdoors than that China puts in backdoors. Not that the details are particularly convincing in either case. And security on many dimensions is so problematic that it is not clear why you want to focus on this particular threat.

So what is the real deal? Big time world-historic international politics. Figure the reason the blog got written comes directly out of that. Figure that this explains the details of Googles response to recent events.

Re:Another reason (2, Insightful)

jellomizer (103300) | more than 4 years ago | (#31035610)

Then there is the conspiracy theory mind set. There is always something going on that somehow there is one piece that is beyond our comprehension on how they do it.

I am sure there are solid american geeks out there when they plug in their USB Device will find odd communication going to china and probably report it on the internet with the exact test case to show it.

As well many of the China made components are made of US made specs and if they are not working as planned then there is a problem.

For the most part for the problems with chinese goods isn't a grand conspiracy but a vender who is trying to make their product that much cheaper then their competition thus cut corners and make a harm full product... This happens in America too.

So the risk of buying chinese components isn't as much Spying on you. But just crappy products that could hurt you.

Do your DUTY! (1)

Colin Smith (2679) | more than 4 years ago | (#31035696)

Throw off those Chinese made instruments of oppression!

On second thoughts. The idea of millions of Americans going naked isn't so appealing.

 

Short and Sweet (2, Insightful)

guygo (894298) | more than 4 years ago | (#31035214)

No.

Re:Short and Sweet (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31035252)

How about a similar question: Can you trust American Operating System software?

Re:Short and Sweet (2, Insightful)

hodet (620484) | more than 4 years ago | (#31035348)

Every time there is a "beware Chinese" article AC comes along and asks if, on the same note, we can trust American. Maybe not, but that is not the question. Start your own thread because the reasons for not trusting are different and that is not the question.

Re:Short and Sweet (0)

Anonymous Coward | more than 4 years ago | (#31035434)

No, the question is both valid and relevent. It is relevent because by re-asking a parallel question to the original post, the reader is asked us to consider the presuppositions behind the original question.

Re:Short and Sweet (2, Insightful)

abigor (540274) | more than 4 years ago | (#31035650)

That China is a corrupt dictatorship that brutally oppresses its own citizens and has a history of "cyber-attacks" worldwide? Yeah, real shaky presuppositions there, Bertrand Russell.

Re:Short and Sweet (0)

Anonymous Coward | more than 4 years ago | (#31035668)

presumably you are American and therefore trusting of your country, though bizarrely most of us don't trust the politicians that run our countries further than we can throw them!

The question is valid as it broadens the enquiry to can any country fully trust essential computing components hardware or software created by another country?

  This then becomes general paranoia rather than china specific paranoia.

Re:Short and Sweet (1)

Nadaka (224565) | more than 4 years ago | (#31035764)

No. I fully expect to be spied on by US corporate and government interests.

However, I don't really expect them to bust down my door, dump me in a mobile organ harvesting truck and bill my family for the bullet because I disagree with how things work around here. That is exactly what I would have a healthy fear of if I was living in china.

Re:Short and Sweet (4, Funny)

Monkeedude1212 (1560403) | more than 4 years ago | (#31035530)

Of course you can't. In fact, if you're anything like me, you can't even trust the code that you wrote yourself. A night filled with browsing old Russian Propoganda, Some Vodka, and Rufilin... You wake up the next morning and you have no idea whether that Tax Financer is just a Tax Financer.

Bad Headline (5, Insightful)

lyinhart (1352173) | more than 4 years ago | (#31035232)

Considering where a lot of this stuff comes from, it should probably read, "Can You Trust Computer Equipment?"

Re:Bad Headline (1)

Sique (173459) | more than 4 years ago | (#31035298)

Can you trust anybody?

The whole point of trust is that it relies on unproven assumptions.

Re:Bad Headline (0)

Anonymous Coward | more than 4 years ago | (#31035792)

Considering where a lot of this stuff comes from, it should probably read, "Can You Trust Computer Equipment?"

It should read "Can You Trust Computer Equipment", but not because it's all manufactured in China. The security issues in the article exist regardless of where the manufacturing takes place. Though the Chinese may have more motive than a western manufacturer, the Thompson example shows that it doesn't really matter where it's made -- the opportunity for firmware exploits will be there and employees can take advantage of that if so incline.

Trust? No? Risk? (0)

Anonymous Coward | more than 4 years ago | (#31035294)

Of course you can't trust it. Neither can you trust any compiled app, and the underhanded c contests show that you can't really trust open source. It's code. To be sure you have to read it and understand it and no sane person can do anything.

Oh, you mean China's toys are less trustworthy then others? I shall risk it. I'm sure such problems exist but I doubt they are coordinated. Only then it would be truly scary...

lenovo (0)

Anonymous Coward | more than 4 years ago | (#31035308)

im thinking about getting a thinkpad. if im concerned about this, am I left only to choose between hp and dell? (which imo sucks)

Re:lenovo (1)

FlyingBishop (1293238) | more than 4 years ago | (#31035336)

Don't worry. The components in question are all made in China. You can't avoid buying something with a probable Chinese backdoor.

Re:lenovo (1)

TheKidWho (705796) | more than 4 years ago | (#31035602)

Made in Taiwan typically, Taiwan != China.

Can we trust (1)

koan (80826) | more than 4 years ago | (#31035312)

Can we trust any computer equipment or code? can we trust Linux, Microsoft, Apple, PGP, based on the blurb if you haven't written the code yourself you shouldn't be trusting anything.

The seeds of the police state are, including the preceding /. article about DNA storage.

why not? (0)

Anonymous Coward | more than 4 years ago | (#31035340)

If you were the Chinese, why wouldn't you do this?

put a backdoor into the Unix C compiler ? (5, Informative)

Anonymous Coward | more than 4 years ago | (#31035352)

The referenced to article doesn't actually state he included a back door. It was a proof of concept demo apparently: Suppose we wish to alter the C compiler [bell-labs.com]

"one the creators of Unix, admitted that he had included a backdoor in early Unix versions. Thompson's backdoor gave him access to every Unix system [itworld.com] then in existence"

s/chinese/any_country/ (1)

petes_PoV (912422) | more than 4 years ago | (#31035364)

I'm sure the chinese think the same about american (computer) equipment. I'm sure the french think the same about the british hi-tech imports (and vice-versa). I expect everyone country has doubts about the ultimate security (when push becomes <bang!>) of any foreign sourced hardware or software that the security of their country is reliant on. If they don't, they're fools

Re:s/chinese/any_country/ (0)

Anonymous Coward | more than 4 years ago | (#31035468)

Re:s/chinese/any_country/ (1)

MemoryDragon (544441) | more than 4 years ago | (#31035574)

You can pretty much expect that this is a non issue between most european countries among themselves :-)

Oh my god (1)

santax (1541065) | more than 4 years ago | (#31035368)

I just bought my girlfriend a fancy Chinese-made Tarzan. If only I could find the hidden web-interface.

Re:Oh my god (1)

wtbname (926051) | more than 4 years ago | (#31035840)

You bought your girlfriend a sexy manly man raised by apes who fights for justice for the indigenous populations of jungles around the world? Made in China? Jesus, they can make anything.

Yellow paranoia (2, Insightful)

lorg (578246) | more than 4 years ago | (#31035372)

Cause it's only the chinese that spy on other countries cause the rest of us are all friends and friends don't spy on eachother ... oh wait ... Seems that red paranoia have had a bit of a colour change.

Sure this might be software related so it's write once - copy everywhere but would you really want to do that. Cause if you plant it everywhere, "everyone" will have it leading to a larger chanse it will be found and out blow the entire operation out of the water. But have they really ever found any evidence for this on a large scale? Seems overly complex and prone to failure. Sure if you bug a phone, switch or whatever that is one thing but to plant it in every single device you ship. That would or could seriously mess with the profit margin and nobody is going to stand for that.

If you didn't build it yourself perhaps this is just the risk you run.

Chinese equipment. (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31035378)

Most of computer hardware is made in Asia and much of it in China. Trying to eliminate China out of the equation is impossible. Sure you could buy Intel chips that were made in Costa Rica, but try to tell Intel to only give you CR chips.

Motherboards? You're going to tell Asus that you only want MoBos from Malaysia? Good luck with that.

Whole computers? Hahahahahahaha. Dream on baby.

We're in a Globalized World. There's no turning back. Trying to weed out products based on politics or some ideology is impossible. You couldn't do it even if you had Gates' money.

So, on topic: worrying about trusting Chinese made equipment is a waste of time because you have no choice. I don't know what kind of software precautions you could take to mitigate any insecurity that you perceive unless you go back to paper files and doing shit by hand.

So the Chinese hardware must be doing fine (0)

Anonymous Coward | more than 4 years ago | (#31035388)

Otherwise the powers that be wouldn't resort to this kind of a sham campaign. For example the Chinese Loongson CPU [wikipedia.org] is very interesting. Not least for the fact there's no windoze MIPS port. It's also quite a technical feat.

Re:So the Chinese hardware must be doing fine (1)

ElectricTurtle (1171201) | more than 4 years ago | (#31035592)

Yes. All the sources [lmgtfy.com] that have found trojans on data storage from Chinese manufacturers are liars perpetrating this insidious 'sham'. Granted many of these problems are unrelated to the Chinese government, but that doesn't change the threat, only the underlying motivation for the threat.

Ahem *cough* why is "china" singled out?? (-1, Troll)

lkcl (517947) | more than 4 years ago | (#31035396)

um.... why is there an assumption that it is only china that "cannot be trusted"??

why is it assumed that there is not a hardware spying bug in Pentium Processors, one which would, being quotes A well installed microcode bug [which] will be almost impossible to detect. quotes

ehn?

and before thinking that "this is crazy, a U.S. firm wouldn't possibly do that" bear in mind that i've already had some experience of receiving a very weird series of SPAM messages, following which my machine started acting very very weird.

my guess is that simply by receiving that SPAM message, there was encoded within it some power-fluctuations or signal fluctuations which the CPU could pick up and "activate" whatever it was that was wanted to be activated by whomever it was that sent the SPAM message.

i'm not saying who it was that sent the SPAM - except that it wasn't from a U.S. organisation.

now, again, before you dumb fuckers with "Troll Trigger Happy" fingers go "this guys fucking nuts let's get rid of him with a Troll moderation", think about this: if i was saying "I heard that China attacked some guy's computer, he's a friend of mine in China", you'd put "Informative" or "Interesting" +1, right? THINK impartially - unlike the last time i mentioned something like this - "is this guy out to deliberately cause trouble and DELIBERATELY bait people (definition of Troll)" or "is this guy mentioning something controversial, from his own direct experience, just like all the other people in the world who report all their personal and directly experienced controversial stories"?

Re:Ahem *cough* why is "china" singled out?? (1)

MikeBabcock (65886) | more than 4 years ago | (#31035460)

The ability to send signals upstream on the power lines worries me -- one could embed signals in the power supply fluctuations and leak data to anyone else on the line.

I read that somewhere (0)

Anonymous Coward | more than 4 years ago | (#31035758)

I read something about that where, because of how poorly grounded most keyboards are, the keyboard signal was transmitted along the ground wire and back into the power-outlet. A keylogger could then be plugged in anywhere within 10m of the outlet (as the wires flow) and detect the keystrokes of the keyboard all without compromising the computer at all.

The other one was installing a keylogger into the USB keyboard itself, this required two compromises, one to install, one to retrieve the data. Again, this didn't require hacking the computer itself, just unplugging the keyboard twice.

Re:Ahem *cough* why is "china" singled out?? (3, Informative)

Reapman (740286) | more than 4 years ago | (#31035562)

Ummm maybe they're singling out China because of, as the Summary points out, recent events?

If the US government (or ANY government) was strongly suspected of doing the same thing, and that country was a leading supplier of xyz goods, you'd see a similar article posted. It's how news works.

It really depends on who "you" are... (5, Interesting)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#31035462)

In a general sense, you really can't trust any computer equipment that you didn't build yourself, pretty much from the ground up(as the issues with compilers and microcode suggest). I'm pretty sure that using somebody else's sand to make your silicon is safe; but that's about it.

Computer gear hasn't quite reached biological levels of complexity, where trust is even harder(one malformed Prion in a batch of millions can end up eating holes in your brain); but, from the perspective of a user who isn't a tech god, it might as well have.

That being so, the question of whether you can trust Chinese computer equipment is basically a political one. China's general enthusiasm for industrial espionage is well known, so if you have data on interesting technology or military stuff, the answer is almost certainly "no". If you are basically just Joe Consumer, though, your data are just noise obscuring what Chinese intelligence really wants. You would do better to be worried about the botnet your PC is part of, Google, ChoicePoint, Equifax, the NSA, and whoever is taking advantage of CALEA at that particular moment. The world of technology is a ghastly morass of potential backdoors, quite a few of them not even hidden, that most of us are constantly vulnerable to, and, in a great many cases, actively being monitored through.

Bugged Chinese chips are definitely something to think about if you are doing military COTS procurement, or doing security for somebody who has data of real interest; but, for most of us, it's all just one more piece of assymetric transparency. I, for one, don't feel any warmer and fuzzier about the Americans spying on me than the Chinese spying on me(worse, in fact, because some sinister chinese intelligence agency is substantially less likely to sell my information to advertisers, make it harder to get medical insurance, or damage my credit rating than some warm, fuzzy, American multinational corporation).

I really hope that this threat leads to a general recognition of the need for sound and open practices for security(both in the sense of novel CS research on how to do maximally verifiable stuff, test blackboxes, build verified bootstrap compilers, etc, etc. and in the sense of market acceptance of the fact that mysterious binary firmwares, and "just trust us" responses from vendors, and blackbox systems in general just aren't good enough). That would make things better for everybody. I get the unpleasant sense, though, that a lot of this concern is less about "We really need to understand how to build highly complex systems that are dependable and verifiable for those who use them." and more about "Goddam chinks, only we are supposed to have backdoors and surveillance capabilities!"

Re:It really depends on who "you" are... (0)

Anonymous Coward | more than 4 years ago | (#31035598)

China's general enthusiasm for industrial espionage is well known

Maybe that just means they're not very good at it.

It's no problem (1, Funny)

jDeepbeep (913892) | more than 4 years ago | (#31035464)

I'll just return my iPod Touch and my 2 MacBooks to Apple, with a little note about the Chinese manufacturing. I'm sure they will understand and give me my money back.

Computers are information networks (3, Insightful)

gurps_npc (621217) | more than 4 years ago | (#31035498)

It is a rather simple military rule that you create your own information networks. You don't let your enemy or even your ally. Using Chinese made equipment for any military equipment is a bad idea. This is a no-brainer.

Sun? (0)

Anonymous Coward | more than 4 years ago | (#31035508)

Hey, where is the story of Jon Schwartz's resignation from sun??

Contratulations (1)

MemoryDragon (544441) | more than 4 years ago | (#31035516)

For outsourcing the production to the lowest bidder...

Programmers vs. Users (2, Interesting)

cdrguru (88047) | more than 4 years ago | (#31035518)

If you are a User, you have no choice but to trust the entire universe of code around you. Your watch could contain a rogue program, your car radio, your cell phone, your microwave oven. Everything is enabled with microprocessors programmed by unknown and unknowable people with unknown and unknowable motivations.

All you can do is hope for the best if you are a User.

However, if you are a Programmer you can only use code that you trust and have personally verified in addition to the rest of the Programmer community. Users don't count for much in this world, because they can't help out, they can only blindly follow. Some Users will have Programmer friends and they can just follow in their footsteps, like a line of soldiers through a minefield. Only Programmers have this power.

Sadly, the way people are wired only a very few are going to be Programmers. The rest simply do not have the skills or the mental faculties. The rest of the human race are doomed to simply be Users.

Evidence? (2, Interesting)

david.given (6740) | more than 4 years ago | (#31035524)

So, is there any actual evidence backing all this up, or is it just more anti-Chinese vilification?

(Remember, we have always been at war with Eastasia.)

Re:Evidence? (1)

Anonymous Psychopath (18031) | more than 4 years ago | (#31035680)

So, is there any actual evidence backing all this up, or is it just more anti-Chinese vilification?

(Remember, we have always been at war with Eastasia.)

Don't go talking sense, that sort of thing of frowned upon around here.

When all these negative posters donate their Chinese-manufactured iPhones and Android-based devices to charity I'll stop thinking of them as tin-foil hat wearing hypocrites.

Re:Evidence? (3, Insightful)

Jeng (926980) | more than 4 years ago | (#31035728)

Looks completely made up to me. Why just think about the times that the consumer has ran across hidden malware such as the Sony Rootkit incident. Experts saw unusual traffic and traced it back to a CD. Same thing would happen if a piece of equipment had hidden malware in it, someone would notice the suspicious traffic and trace it back to the source.

Sure... (4, Insightful)

ironicsky (569792) | more than 4 years ago | (#31035544)

While the USB memory key (in this example) could have low level software to snoop your data, how are they going to get it? Is the USB key going to open a TCP/IP or UDP connection back to their servers without tripping my firewall that a new application is trying to connect? Is my virus scanner going to get tripped that something suspicious is coming out of the key without my interaction?

Most decent virus scanners and firewalls will pick up on this. In a lot of corporate networks USB Mass media is disabled. I'd love to see a proof of concept that can get around these common checks... If anyone has a USB key that can do this, please let me know :-) I'll happily test it.

Can Avoid Chinese "controlled" products (0)

Anonymous Coward | more than 4 years ago | (#31035604)

I am glad to see someone else asking this question. Obviously we can not avoid Chinese goods in all respects, but this does keep me from ever buying a Lenovo.

Costs (1)

HForN (1095499) | more than 4 years ago | (#31035618)

It seems obvious that if you can't "trust anyone but yourself," then how in the world are you going to get anything done? The whole point of free trade is to let people specialize in what they do best.

As long as it is not part of ... (1)

wisnoskij (1206448) | more than 4 years ago | (#31035648)

Can You Trust Chinese Computer Equipment?
As long as it is not part of the Cruise Control.

Chinese made, not always = Chinese code (2, Informative)

MpVpRb (1423381) | more than 4 years ago | (#31035660)

Not all Chinese-made products contain Chinese computer code.

I am a consultant to a US company. Our products are made by Chinese companies, to our specifications.

I write all of the code, and it is loaded after the products get to the US.

At the end of the day, you gotta trust SOMEONE (2, Interesting)

King_TJ (85913) | more than 4 years ago | (#31035686)

I'm *far* from trying to defend China or claim they're "trustworthy" ... but taken to its logical conclusion, this line of thinking is a dead-end for most individuals and businesses. Ultimately, yes, you can't know for 100% certain a given piece of software is trusted unless you wrote it yourself .... but what's new? That's always been, and always will be the case ... and unless you were able to engineer your own computer processor and other components on the motherboard, etc. - you STILL can't prove you're running a completely trusted system, can you?

In reality, I think people have to possess some awareness of their computing environment, as a whole - and that may realistically be the best we can do. If some piece of gear is "compromised", it still has to communicate the information it stole to a receiver on the other end. That means, your firewall is capable of either blocking or at least logging that connection. There's also, of course, the "strength in numbers" facet to all of this. Maybe YOU as an individual never noticed something strange was going on with a piece of gear, but as thousands or millions of people become customers/users of the same gear, chance increase that SOMEONE will figure it out. Keep an eye on the tech news and Internet forums, and you'll receive pretty quick warnings about such things. (This is probably also a good argument for going with popular products, vs. obscure ones with a far lower installed user-base?)

israeli's have been doing this for 20 years (4, Informative)

cluemore (1617825) | more than 4 years ago | (#31035698)

talk about yer hardware backdoors ... this one is a pseudo random number generator that can be rigged to generate predictable keys. http://www.antiwar.com/orig/ketcham.php [antiwar.com]

Cisco (5, Interesting)

Lifyre (960576) | more than 4 years ago | (#31035706)

This isn't just for good known to be made in china. This past year we performed an audit of our network infrastructure with Cisco's help. We found almost 10% of our switches were counterfeit. They were all models of layer 2 and layer 3 switches and were virtually indistinguishable from genuine Cisco products down to the enhanced security IOS.

What2Do? (2, Interesting)

Thundercleets (942968) | more than 4 years ago | (#31035710)

It was more or less common knowledge that in China (as I'm sure it must be elsewhere) that if the military saw a technology it liked it would just take it. If anyone at the factory complained they became organ doners. If the IP owner complained they usually ran into delivery problems, workers strikes or were just kicked out. Think of Lucent's fiber optics fiasco and the observation that most Chinese domestic router manufacturers seem to use router code that looks suspiciously like IOS. It goes without saying that this also applied not just to things that were taken out of a factory but also to things that were brought in. If this were a real concern which it should be, then the different governments who should be concerned about it should implement a standard where this kind of thing is checked for and those clearing it bear a seal of some type. Considering the way the PRC is buying campaigns in the US I doubt it will happen here.

Just use old-fashioned encryption (1)

gaelfx (1111115) | more than 4 years ago | (#31035782)

Seriously, I teach in China, and I've met many, many, MANY Chinese people that "know English," so the good old-fashioned keep-your-documents-in-a-foreign-language routine is probably sufficient enough to ensure that your actual information is safe from Chinese eyes. They translate everything from English to Chinese word by word still, most of them can't actually understand an English sentence without converting it bit by bit to Chinese, where 90% of actual relevant information ends up missing. Just think about it, if the US government really needed any information from a Chinese company (for God knows what reason), we would be scrambling to decrypt some mundane QQ message saying something about going out to drink beer tonight and then bangin some hookers. The information is safe as long as you aren't producing 'sensitive information' type documents in Chinese.

We didnt even know 1984 had already arrived... (0)

Anonymous Coward | more than 4 years ago | (#31035860)

Its not getting any better. Now it seems that it was worse then in "1983" than we thought. Component level plans were well underway.
The Chinese have things in perspective... " its not an event its a process"

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>