Can You Trust Chinese Computer Equipment?
Ian Lamont writes "Suspicions about China slipping eavesdropping technology into computer exports have been around for years. But the recent spying attacks, attributed to China, on Google and other Internet companies have revived the hardware spying concerns. An IT World blogger suggests the gear can't be trusted, noting that it wouldn't be hard to add security holes to the firmware of Chinese-made USB memory sticks, computers, hard drives, and cameras. He also implies that running automatic checks for data of interest in the compromised gear would not be difficult." The blog post mentions Ken Thompson's admission in 1983 that he had put a backdoor into the Unix C compiler; he laid out the details in the 1983 Turing Award lecture, Reflections On Trusting Trust: "The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."
This is just another reason for me to not want to buy Chinese made goods. Unfortunately, so much is made in China that it is nearly impossible to completely avoid the country.
I don't like Linux. This doesn't make me a troll.
Considering where a lot of this stuff comes from, it should probably read, "Can You Trust Computer Equipment?"
Freedom is drinking a beer in the park when you're supposed to be at work.
The referenced article doesn't actually state he included a back door. It was a proof of concept demo apparently: Suppose we wish to alter the C compiler
"one of the creators of Unix, admitted that he had included a backdoor in early Unix versions. Thompson's backdoor gave him access to every Unix system then in existence"
In a general sense, you really can't trust any computer equipment that you didn't build yourself, pretty much from the ground up (as the issues with compilers and microcode suggest). I'm pretty sure that using somebody else's sand to make your silicon is safe; but that's about it.
Computer gear hasn't quite reached biological levels of complexity, where trust is even harder (one malformed prion in a batch of millions can end up eating holes in your brain); but, from the perspective of a user who isn't a tech god, it might as well have.
That being so, the question of whether you can trust Chinese computer equipment is basically a political one. China's general enthusiasm for industrial espionage is well known, so if you have data on interesting technology or military stuff, the answer is almost certainly "no". If you are basically just Joe Consumer, though, your data are just noise obscuring what Chinese intelligence really wants. You would do better to be worried about the botnet your PC is part of, Google, ChoicePoint, Equifax, the NSA, and whoever is taking advantage of CALEA at that particular moment. The world of technology is a ghastly morass of potential backdoors, quite a few of them not even hidden, that most of us are constantly vulnerable to, and, in a great many cases, actively being monitored through.
Bugged Chinese chips are definitely something to think about if you are doing military COTS procurement, or doing security for somebody who has data of real interest; but, for most of us, it's all just one more piece of asymmetric transparency. I, for one, don't feel any warmer and fuzzier about the Americans spying on me than the Chinese spying on me (worse, in fact, because some sinister Chinese intelligence agency is substantially less likely to sell my information to advertisers, make it harder to get medical insurance, or damage my credit rating than some warm, fuzzy, American multinational corporation).
I really hope that this threat leads to a general recognition of the need for sound and open practices for security (both in the sense of novel CS research on how to do maximally verifiable stuff, test blackboxes, build verified bootstrap compilers, etc., etc. and in the sense of market acceptance of the fact that mysterious binary firmwares, and "just trust us" responses from vendors, and blackbox systems in general just aren't good enough). That would make things better for everybody. I get the unpleasant sense, though, that a lot of this concern is less about "We really need to understand how to build highly complex systems that are dependable and verifiable for those who use them." and more about "Goddam chinks, only we are supposed to have backdoors and surveillance capabilities!"
It is a rather simple military rule that you create your own information networks. You don't let your enemy or even your ally. Using Chinese made equipment for any military equipment is a bad idea. This is a no-brainer.
excitingthingstodo.blogspot.com
Of course you can't. In fact, if you're anything like me, you can't even trust the code that you wrote yourself. A night filled with browsing old Russian propaganda, some vodka, and Rufilin... You wake up the next morning and you have no idea whether that Tax Financer is just a Tax Financer.
While the USB memory key (in this example) could have low level software to snoop your data, how are they going to get it? Is the USB key going to open a TCP/IP or UDP connection back to their servers without tripping my firewall that a new application is trying to connect? Is my virus scanner going to get tripped that something suspicious is coming out of the key without my interaction?
Most decent virus scanners and firewalls will pick up on this. In a lot of corporate networks USB Mass media is disabled. I'd love to see a proof of concept that can get around these common checks... If anyone has a USB key that can do this, please let me know :-) I'll happily test it.
Ummm maybe they're singling out China because of, as the Summary points out, recent events?
If the US government (or ANY government) was strongly suspected of doing the same thing, and that country was a leading supplier of xyz goods, you'd see a similar article posted. It's how news works.
talk about yer hardware backdoors ... this one is a pseudo random number generator that can be rigged to generate predictable keys.
http://www.antiwar.com/orig/ketcham.php
This isn't just for goods known to be made in China. This past year we performed an audit of our network infrastructure with Cisco's help. We found almost 10% of our switches were counterfeit. They were all models of layer 2 and layer 3 switches and were virtually indistinguishable from genuine Cisco products down to the enhanced security IOS.
I'll meet you at the intersection of "Should be" and "Reality"
Looks completely made up to me. Why, just think about the times that the consumer has run across hidden malware such as the Sony rootkit incident. Experts saw unusual traffic and traced it back to a CD. Same thing would happen if a piece of equipment had hidden malware in it: someone would notice the suspicious traffic and trace it back to the source.
Don't know something? Look it up. Still don't know? Then ask.
DoD is really worried about this. They're trying to develop ways to efficiently examine ICs to check for unexpected "features". Right now, it's necessary to open up the IC and put it under a scanning electron microscope, then use software that can extract the logic diagram from the scan.
One of the obvious places to put in a "back door" is in Ethernet controllers. Many used in servers already have logic for hardware "remote administration" (turn machine off, reboot, load code, etc.). It is supposed to be disabled by default, and work only when initialized with keys during hardware installation. Just build a set of default remote administration keys into the chip, and everyone using that chip is 0wned. Send the right UDP packets, and you can take over the machine. This would be completely invisible until activated.
Nearly all Intel CPUs are made in the US. Most of Intel's fabs are located throughout the US. They do have one in Ireland and one in Israel but that's it. None are in China. So your CPU, the actual silicon part, is made in the US most likely (all the new 45nm and 32nm stuff is, I think). Now you'll probably see a stamp on it for places like Costa Rica or Singapore or the like. That is where it was packaged, where the silicon was put in the actual metal until you buy. You'll still note, that doesn't happen in China.
You also might want to have a look at all the other CPU makers out there. AMD, Motorola, IBM, Marvell, all US companies. While some of them do fab in other locations (AMD has most of their fab work done by Global Foundries in Germany), they are US companies and do a great deal (sometimes all) of their design work in the US. In fact the only non-US processor companies I can think of are Hitachi (Japanese) and ARM (British).
There is a fairly large amount of counterfeit Cisco gear floating around
http://www.networkworld.com/news/2006/102306counterfeit.html
http://www.networkworld.com/community/node/13213
http://www.andovercg.com/services/cisco-counterfeit-wic-1dsu-t1.shtml
And we all know where this stuff is made.
OTOH we just bought a huge pile of new Juniper stuff at work, every single piece "Made in China".
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
After all we did that to the Russians in the 80's causing one of their large oil pipelines to explode. Does it make you feel better that Microsoft gave China a peek at the full source code for Windows? http://www.builderau.com.au/architect/work/soa/US-software-blew-up-Russian-gas-pipeline-/0,339024596,320283135,00.htm
"I'm not a quack, I'm a mad scientist! There's a difference." - Dr. Cockroach
And before thinking that "this is crazy, a U.S. firm wouldn't possibly do that", bear in mind that I've already had some experience of receiving a very weird series of SPAM messages, following which my machine started acting very very weird.
My guess is that simply by receiving that SPAM message, there was encoded within it some power fluctuations or signal fluctuations which the CPU could pick up and "activate" whatever it was that was wanted to be activated by whomever it was that sent the SPAM message.
To be fair, the "Troll" mod is also used as a substitute for "Batshit-Crazy".
WARNING! This post is encoded with power and signal fluctuations which will cause your machine to start acting very very weird. Again, if your computer starts acting very very weird after you read this, it is because of this post.
Now that I think about it, I'm pretty sure everything I just said is completely wrong.
Because the entire point of someone a LOT smarter than you is that if the very tool you use is compromised, then how can you ever check it? You write your program to the memory, but the memory controller itself is corrupted. So you check everything, and you never see anything wrong.
A compromised system can never be trusted and if you don't control the system, then you can never know it is compromised unless you verify every last detail, down to grinding the top of the chip and seeing exactly what the layout is. And do this for every last element.
How do you know there is not a simple element in the USB connector that records everything? How do you know the simple chip in your ethernet card doesn't transmit everything? How do you know your router hasn't been hardcoded to ignore such traffic?
You don't. Granted, putting it all together seems like an enormous task and there are far simpler ways of spying. But it is possible.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
I was a gung-ho CS student when this article came out, and we spent a LOT of time hashing it over. He specifically did not say that he had done this, and while I don't remember him making an outright denial, we concluded that he hadn't. After all, the C compilers of that day were still small enough to be understood by a single human, and comparing C code to the assembly code generated from it (or comparing that assembly code to generated machine instructions) was not very challenging.
Maybe the Jargon File entry is right, and he did implement it as a proof-of-concept, but it wasn't widely distributed. It was easy enough for an interested (and bored) undergrad to check out over a weekend, but hard enough that compiler distributions weren't routinely examined.
With today's optimizing compilers and layers upon layers of abstraction, though, it seems like there's more than enough room for plenty such exploits. Pham Nuwen can still have his backdoor into the localizers.
The ultimate hinge point in WWI was when Germany executed a war plan that called for a two front war when their treaty obligations only called for a one front war. Simply because the plans called for them to invade Russia and France simultaneously they did so even though Russia was the only one that had declared war (and France wasn't even involved). The generals at the time in Germany couldn't even imagine diverging from the war plan and the war plan called for invading France. Rather than stand up to his Generals the Kaiser caved and allowed the invasion of France (I believe he uttered the phrase "rolling the iron dice").
This is the entire reason France and the UK blamed Germany for the war and imposed all the war's costs on Germany (thereby causing WWII). The mindset in WWI Germany is incomprehensible today but the reason WWI happened (a much smaller war could have happened) is because there was a plan that wasn't applicable but the people in charge couldn't imagine deviating from the plan and the guy in ultimate charge wouldn't stand up to the ones tasked with fighting the war. The German/Russian/Austrian front of the war was minuscule in comparison to what happened on the French/German/Dutch border where entire armies (and two generations of French/German/English) were ground into hamburger in modern warfare. The greatest lesson of WWI is plans are great to have but they aren't the blueprint for the war that must be followed, iron adherence to a plan regardless of situation is suicide.
I think it would be difficult to do a company like HP. Any additional chip means additional cost, and HP would notice this right away. It would have to be a company that collaborates in the design stage.
Intel has their own network-facing backdoor built into their chips. HP uses them in its laptops - and HP's outsourced-IT service organization supplies these machines to the companies which hire them.
Look up "Intel AMT" on the web. There's lots of stuff on it available there. It's a "feature" intended for large companies' IT operations to use to remotely administer the workers' laptop and desktop machines: Remote update software, detect malware, cut misbehaving machines off the LAN or shut them down, monitor workers' behavior, ...
It is "below" the main CPU(s) and OS. It runs even if the main machine is off. It is a man-in-the-middle on the network interface, accepting its own connections from the "mother ship" and configurable to "phone home" when on the road. It can monitor and twiddle all the network traffic, monitor all the I/O (including keystroke logging), access the hard drive, stop the processor, monitor applications for watchdog events and shut them down if they "misbehave", halt and restart the main processors, yadda yadda yadda.
It can also present one of its own intercepted connections-from-afar to the main processor as if it were a terminal interface on another chip. The recommended way to configure Linux or Unix on the box is for this interface to be given a login process with root login privileges.
How do you know if it's disabled? The BIOS TELLS you it's disabled. (If you believe that, especially after the next BIOS firmware update, would you be interested in some land in Nevada?)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
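Since AMT sits on the network interface below the OS, a check run on the suspect machine itself (the BIOS menu, netstat/ss) tells you nothing; the practical check is to probe the machine's IP from a second host on the same LAN. The following is an added example, not code from the thread or from Intel: it connects to the ports AMT's out-of-band services are documented to use (16992-16995 and the ASF/RMCP ports 623/664) and fingerprints the banner on the plain-HTTP port. The sample HTTP reply is constructed for the test; the Server header it carries is the banner the AMT web interface sends.

```python
"""Probe a host for an active Intel AMT web/redirection interface (added example)."""
import socket
import sys

# Ports AMT's manageability services listen on (documented defaults).
AMT_PORTS = {16992: "HTTP", 16993: "HTTPS", 16994: "redirection",
             16995: "redirection-TLS", 623: "ASF/RMCP", 664: "ASF/RMCP-TLS"}
AMT_BANNER = "Intel(R) Active Management Technology"

# Constructed sample reply, shaped like what the AMT web UI returns for "/".
CONSTRUCTED_AMT_REPLY = (b"HTTP/1.1 303 See Other\r\n"
                         b"Server: Intel(R) Active Management Technology 9.0.0\r\n"
                         b"Location: /logon.htm\r\nContent-Length: 0\r\n\r\n")


def classify_response(raw: bytes) -> dict:
    """Parse an HTTP response head and decide whether AMT produced it."""
    head = raw.partition(b"\r\n\r\n")[0]
    lines = head.split(b"\r\n")
    status = lines[0].decode(errors="replace") if lines and lines[0] else ""
    server = ""
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"server":
            server = value.strip().decode(errors="replace")
    return {"status": status, "server": server, "is_amt": AMT_BANNER in server}


def probe_host(host: str, timeout: float = 2.0) -> dict:
    """Try every AMT port; on the plain-HTTP port also fetch and classify the banner.
    Returns {port: result-dict} with None for ports that did not accept a connection."""
    findings = {}
    for port in AMT_PORTS:
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                if port == 16992:
                    sock.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
                    findings[port] = classify_response(sock.recv(4096))
                else:  # open but not fingerprinted (TLS or binary protocol)
                    findings[port] = {"status": "open", "server": "", "is_amt": False}
        except OSError:  # refused, unreachable or timed out
            findings[port] = None
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, found in probe_host(target).items():
        print(f"{target}:{port} ({AMT_PORTS[port]}): {found or 'closed'}")
```

An open 16992/16993 answering with that banner means the management engine is live on that NIC regardless of what the BIOS reports; a closed result only shows that the web listener is off, not that the engine is absent.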