Slashdot Mirror
Can You Trust Chinese Computer Equipment?
Ian Lamont writes "Suspicions about China slipping eavesdropping technology into computer exports have been around for years. But the recent spying attacks, attributed to China, on Google and other Internet companies have revived the hardware spying concerns. An IT World blogger suggests the gear can't be trusted, noting that it wouldn't be hard to add security holes to the firmware of Chinese-made USB memory sticks, computers, hard drives, and cameras. He also implies that running automatic checks for data of interest in the compromised gear would not be difficult." The blog post mentions Ken Thompson's admission in 1983 that he had put a backdoor into the Unix C compiler; he laid out the details in the 1983 Turing Award lecture, Reflections On Trusting Trust: "The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."
This is just another reason for me to not want to buy Chinese made goods. Unfortunately, so much is made in China that it is nearly impossible to completely avoid the country.
Some component of your car, cell phone, computer, etc. is going to be made in China. I have a feeling eventually they will catch on that people aren't buying Chinese made stuff and will just put stamps on it from their more friendly neighboring countries.
Posts not to be taken literally. Almost everything is sarcasm.
Considering where a lot of this stuff comes from, it should probably read, "Can You Trust Computer Equipment?"
Freedom is drinking a beer in the park when you're supposed to be at work.
I have a feeling eventually they will catch on that people aren't buying Chinese made stuff and will just put stamps on it from their more friendly neighboring countries.
It's not as simple as "put stamps on it from their more friendly neighboring countries" when those neighboring countries do not have the high-tech industrial base to produce the hardware in question.
On a strategic level, the USA really screwed the pooch by chasing the lowest bidder and not building up our domestic capacity to produce these items. And for you small gov't types, this is an example of free market principles colliding with what is effectively a national security issue.
[Fuck Beta]
o0t!
AFAIK, this is the only CPU still made in America.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
The referenced to article doesn't actually state he included a back door. It was a proof of concept demo apparently: Suppose we wish to alter the C compiler
"one the creators of Unix, admitted that he had included a backdoor in early Unix versions. Thompson's backdoor gave him access to every Unix system then in existence"
The Chinese Government is unlikely to be interested in spying on US citizens (or taking control of their computers). They'll be spying on their own citizens.
Similarly, the US Government is more likely to spy on US citizens.
In a general sense, you really can't trust any computer equipment that you didn't build yourself, pretty much from the ground up(as the issues with compilers and microcode suggest). I'm pretty sure that using somebody else's sand to make your silicon is safe; but that's about it.
Computer gear hasn't quite reached biological levels of complexity, where trust is even harder(one malformed Prion in a batch of millions can end up eating holes in your brain); but, from the perspective of a user who isn't a tech god, it might as well have.
That being so, the question of whether you can trust Chinese computer equipment is basically a political one. China's general enthusiasm for industrial espionage is well known, so if you have data on interesting technology or military stuff, the answer is almost certainly "no". If you are basically just Joe Consumer, though, your data are just noise obscuring what Chinese intelligence really wants. You would do better to be worried about the botnet your PC is part of, Google, ChoicePoint, Equifax, the NSA, and whoever is taking advantage of CALEA at that particular moment. The world of technology is a ghastly morass of potential backdoors, quite a few of them not even hidden, that most of us are constantly vulnerable to, and, in a great many cases, actively being monitored through.
Bugged Chinese chips are definitely something to think about if you are doing military COTS procurement, or doing security for somebody who has data of real interest; but, for most of us, it's all just one more piece of assymetric transparency. I, for one, don't feel any warmer and fuzzier about the Americans spying on me than the Chinese spying on me(worse, in fact, because some sinister chinese intelligence agency is substantially less likely to sell my information to advertisers, make it harder to get medical insurance, or damage my credit rating than some warm, fuzzy, American multinational corporation).
I really hope that this threat leads to a general recognition of the need for sound and open practices for security(both in the sense of novel CS research on how to do maximally verifiable stuff, test blackboxes, build verified bootstrap compilers, etc, etc. and in the sense of market acceptance of the fact that mysterious binary firmwares, and "just trust us" responses from vendors, and blackbox systems in general just aren't good enough). That would make things better for everybody. I get the unpleasant sense, though, that a lot of this concern is less about "We really need to understand how to build highly complex systems that are dependable and verifiable for those who use them." and more about "Goddam chinks, only we are supposed to have backdoors and surveillance capabilities!"
Of course you can't. In fact, if you're anything like me, you can't even trust the code that you wrote yourself. A night filled with browsing old Russian Propoganda, Some Vodka, and Rufilin... You wake up the next morning and you have no idea whether that Tax Financer is just a Tax Financer.
While the USB memory key (in this example) could have low level software to snoop your data, how are they going to get it? Is the USB key going to open a TCP/IP or UDP connection back to their servers without tripping my firewall that a new application is trying to connect? Is my virus scanner going to get tripped that something suspicious is coming out of the key without my interaction?
Most decent virus scanners and firewalls will pick up on this. In a lot of corporate networks USB Mass media is disabled. I'd love to see a proof of concept that can get around these common checks... If anyone has a USB key that can do this, please let me know :-) I'll happily test it.
You know that 2/3 of the phrase "trust but verify" is meaningless oxymoronic bullshit designed to mask the harshness of the only significant word, right? Like "strong but sensitive" or "sexy but geeky".
If you were blocking sigs, you wouldn't have to read this.
You know that 2/3 of the phrase "trust but verify" is meaningless oxymoronic bullshit designed to mask the harshness of the only significant word, right? Like "strong but sensitive" or "sexy but geeky".
It's a good point, but that 2/3 of the phrase is what keeps the potential client from being insulted. The majority of business is sugar coating the harsh truth to keep people on your side and hopefully more of their money going into your wallet.
Posts not to be taken literally. Almost everything is sarcasm.
> You'll note nothing seems to get cheaper to the end user.
Since we're talking about computer equipment, this is demonstrably false.
talk about yer hardware backdoors ... this one is a pseudo random number generator that can be rigged to generate predictable keys.
http://www.antiwar.com/orig/ketcham.php
This isn't just for good known to be made in china. This past year we performed an audit of our network infrastructure with Cisco's help. We found almost 10% of our switches were counterfeit. They were all models of layer 2 and layer 3 switches and were virtually indistinguishable from genuine Cisco products down to the enhanced security IOS.
I'll meet you at the intersection of "Should be" and "Reality"
It's not that it is an additional chip, it is a different chip all together.
For example:
the ICH (southbridge) on your system likely handles the following things for you:
keyboard/mouse
USB
IDE
SATA
FireWire
Lan on Motherboard
Boot from BIOS
WebCam
Using an ARM/ARC/MIPS core + SRAM added to the circuit of the ICH and fabbed as a "special item" one could conceivably manufacture motherboards with a larger than spec flashrom (to hold NVRam data for the extra proc) and so long as your system was on (possibly even "off" but plugged in if you can make it low enough power to run on standby voltage) you can datalog nearly anything.
Parse the data for the interesting bits and store that to a hidden file on the HDD (since you're the controller for the HDD this should be trivial, no one will miss 1 meg of sectors you've marked bad).
When you have an internet connection SSH over to your drop server (you run the ethernet MAC remember) and unload your stash.
Really not all that far fetched and as long as the government pays for it (the fab of chips) you can sub these into assembly and not even no there was something wrong on the system even with a physical inspection.
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
DoD is really worried about this. They're trying to develop ways to efficiently examine ICs to check for unexpected "features". Right now, it's necessary to open up the IC and put it under a scanning electron microscope, then use software that can extract the logic diagram from the scan.
One of the obvious places to put in a "back door" is in Ethernet controllers. Many used in servers already have logic for hardware "remote administration" (turn machine off, reboot, load code, etc.). It is supposed to be disabled by default, and work only when initialized with keys during hardware installation. Just build a set of default remote administration keys into the chip, and everyone using that chip is 0wned. Send the right UDP packets, and you can take over the machine. This would be completely invisible until activated.
They said that before World War I too.
Anyone yelling their personally identifying info into a microphone deserves what they get.
That's insightful? That's what's called a false dichotomy.
It's not mutually exclusive: The Chinese Government is likely to spy BOTH on US citizens AND their own citizens, just for different purposes.
The US Government does both as well, but US abuses of US citizens are more likely to have discovery and recourse than China's abuse of Chinese.
Just a bad argument all around.
passetspike!
I'd trust the Chinese further than most of my neighbours.
That's a bit sad. I get on quite well with the majority of my neighbours, but most people I know who have wide experience of commercial dealing with Chinese (not to be confused with personal interactions with individuals and their families) have told me of a catalogue of dishonest, conspiratorial and treacherous activities. Basically, it seems their attitude is that "westerners" are fair game, since their rules are just not recognised by the Chinese.
Adopting this attitude in comparatively small business dealings is one thing, but enshrining it in (unofficial) government policy is another. If the Chinese insist on treating other nations as enemies, they should expect the same in return. The fact that our governments and corporations are so ready to kowtow to them for their business is nothing short of sickening.
Actually, it's probably going to be a little bit of both.
Look, we need to remember something here - it's not like we were manufacturing high-quality goods in the US when we were still manufacturing goods. There's a reason people stopped buying American cars, for example. Sure, you can point at something made in the US from 50 years ago and say, "Ah ha! See? Our stuff was better!", but that's just selection bias. Of course the stuff that made it to today from 50 years ago is more durable than the stuff we have lying around our house now. That's why it's over 50 years old.. All the crappy stuff that fell apart instantly fell apart fifty years ago.
Back in the day, we made TVs. In those days, TVs were so expensive, TV repair was a legitimate career path. Nowadays, TVs are so cheap that it just doesn't make sense, which is why you don't see too many black & white TVs running around these days. Heck, the transition from analog TV to high definition TV will probably take less time for most families than the transition from black & white to color, if only because the cost of high definition TVs is falling so fast and so far that, when people's analog TVs die every 3-5 years (or so), they'll be able to easily afford a high definition one. How long did it take for VCRs to disappear once DVDs came out? The reason we can make these transitions so quickly these days is because of inexpensive manufactured goods.
That said, back in the day, we were pretty much the only industrialized country on the planet. After World War 2, the US was the only country around that had a significant industrial base that hadn't been bombed into the Stone Age (at least the only one of a decent size - obviously Australia, Canada, and New Zealand were still in decent shape, too). Guess who was the world's China? That's right - the US, which is why, even if we switch to a protectionist stance, we're never getting back to a world in which the United States is 10x more prosperous than every other country on the planet. There's simply too much competition these days. Of course, back in the day, China was starving - that's less of an issue now. Back in the day, Mexico was a backwards, lawless hellhole. Nowadays, they possess the 13th highest GDP in the world, just ahead of Australia, with a slightly lower per capita GDP than Russia and Turkey. That's still not great, mind you, but it's still more than double China's and a heck of a lot better than it was at the turn of the last century. Japan is now a world-leading economic power; going into World War 2, they were just a regional power, roughly along the lines of South Africa today and with roughly the same amount of regional and international pull. South Korea? They weren't even a regional power when they gained independence from Japan after World War 2.
Besides, life in the '50s and '60s wasn't that great in the US anyway, especially if you actually possessed melanin or were unfortunate enough to live in the South. Even if you were white, middle class meant something very different in '50s-era Birmingham than it meant in, say, '50s-era Detroit or Cleveland. Even if you were fortunate enough to live in an industrial city with lots of well-paying union jobs, what'd you get for it back then? A cookie-cutter suburban home sans-grounded wiring, a car that would rust or fail every three years or 50,000 miles, a TV if you really saved up for it, and lots and lots of canned food. Back then, frozen food was considered so novel and interesting that four-star restaurants in New York used to advertise that they used frozen product. Seriously, if you compared '50s America with today's... oh... Jamaica, you'd find yourself picking Jamaica in a heartbeat, and not just because of the weather.
I was a gung-ho CS student when this article came out, and we spent a LOT of time hashing it over. He specifically did not say that he had done this, and while I don't remember him making an outright denial, we concluded that he hadn't. After all, the C compilers of that day were still small enough to be understood by a single human, and comparing C code to the assembly code generated from it (or comparing that assembly code to generated machine instructions) was not very challenging.
Maybe the Jargon File entry is right, and he did implement it as a proof-of-concept, but it wasn't widely distributed. It was easy enough for an interested (and bored) undergrad to check out over a weekend, but hard enough that compiler distributions weren't routinely examined.
With today's optimizing compilers and layers upon layers of abstraction, though, it seems like there's more than enough room for plenty such exploits. Pham Nuwen can still have his backdoor into the localizers.
The ultimate hinge point in WWI was when Germany executed a war plan that called for a two front war when their treaty obligations only called for a one front war. Simply because the plans called for them to invade Russia and France simultaneously they did so even though Russia was the only one that had declared war (and France wasn't even involved). The generals at the time in Germany couldn't even imagine diverging from the war plan and the war plan called for invading France. Rather than stand up to his Generals the Kaiser caved and allowed the invasion of France (I believe he uttered the phrase "rolling the iron dice").
This is the entire reason France and the UK blamed Germany for the war and imposed all the war's costs on Germany (thereby causing WWII). The mindset in WWI Germany is incomprehensible today but the reason WWI happened (a much smaller war could have happened) is because there was a plan that wasn't applicable but the people in charge couldn't imagine deviating from the plan and the guy in ultimate charge wouldn't stand up to the ones tasked with fighting the war. The German/Russian/Austrian front of the war was minuscule in comparison to what happened on the French/German/Dutch border where entire armies (and two generations of French/German/English) were ground into hamburger in modern warfare. The greatest lesson of WWI is plans are great to have but they aren't the blueprint for the war that must be followed, iron adherence to a plan regardless of situation is suicide.