Slashdot Mirror

← Back to Stories (view on slashdot.org)

Can You Trust Chinese Computer Equipment?

Posted by kdawson on from the or-anybody's-really dept.

Ian Lamont writes "Suspicions about China slipping eavesdropping technology into computer exports have been around for years. But the recent spying attacks, attributed to China, on Google and other Internet companies have revived the hardware spying concerns. An IT World blogger suggests the gear can't be trusted, noting that it wouldn't be hard to add security holes to the firmware of Chinese-made USB memory sticks, computers, hard drives, and cameras. He also implies that running automatic checks for data of interest in the compromised gear would not be difficult." The blog post mentions Ken Thompson's admission in 1983 that he had put a backdoor into the Unix C compiler; he laid out the details in the 1983 Turing Award lecture, Reflections On Trusting Trust: "The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."

4 of 460 comments (clear)

  1. Re:Short and Sweet by ElectricTurtle · · Score: 0, Troll

    The fact that you insinuate that Bertrand Russell was a man of weak reasoning or understanding speaks volumes about your own biases. I suspect that you harbor some negativity toward more Chinese than just the government.

    --
    I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
  2. Re:Another reason by nedlohs · · Score: 0, Troll

    Why does a totalitarian regime have to keep the workers happy? Squishing them with tanks when they complain seems simpler.

    And what is difference to the worker if instead of selling the stuff built with their labor to the US, the Chinese government just buys it directly from them with freshly printed yuan and dumps it in the ocean? What changes, other than China not collecting IOUs that it exchanges for more IOUs.

  3. Trust no one by b0ttle · · Score: 0, Troll

    And why would I trust other countries like the US ?

  4. Re:Short and Sweet by Capt.DrumkenBum · · Score: 0, Troll

    That China is a corrupt dictatorship that brutally oppresses its own citizens and has a history of "cyber-attacks" worldwide?

    And that is different from the US how exactly?

    --
    If I were God, wouldn't I protect my churches from acts of me?