Slashdot Mirror
US Tech Firms Fear China Could Be Spying On Them Using Power Cords, Report Says (cnbc.com)
An anonymous reader quotes a report from CNBC: Fearing that China could be spying on them using power cords and plugs, several U.S. technology companies have asked their Taiwanese suppliers to shift production of some components out of the mainland, Nikkei Asian Review reported on Friday. The report cited unnamed executives from two Taiwanese companies: Lite-On Technology, a manufacturer of electronic parts, and Quanta Computer, a supplier of servers and data centers. Lite-On's clients include Dell EMC, Hewlett-Packard and IBM, while Quanta counts Google and Facebook among its customers, according to Nikkei. The executives told Nikkei that some of their American clients -- without specifying which companies -- asked them to move out of China partly because of cyberespionage and cybersecurity risks. The U.S. tech firms were worried that even mundane components such as power plugs could be tapped by Beijing to access sensitive data, according to the report. According to the report, Lite-On Technology is building a new factory in Taiwan to manufacture power components for servers due to China's cybersecurity concerns. Quanta has also shifted production out of mainland China to Taiwan due to similar concerns, as well as additional tariffs imposed by Washington as a result of the U.S.-China trade war.
https://www.amazon.com/KJB-Security-C1184-Camera-covert/dp/B0054GQAJU
If you're worried about power plugs, you should be worried about anything that plugs in, or even is battery powered. An office heater or fan, desk lamp, etc can spy on your power signature almost as well as the extension cord used to power things. A battery powered headset can spy wirelessly too. You could even take it a step further and suspect shoes made in China, they could contain kinetically charged batteries with spying equipment.
So, if you want to be paranoid, you have to ban everything made in China.
...allowed to spy on Americans. I'm sure that is written in the Constitution somewhere.
Time is what keeps everything from happening all at once.
Dell's rather infamous for having a chip between your power adapter and laptop that cripples your machine's performance if it determines the power adapter is either missing the appropriate wattage or the 'authentic' chip that would tell it that this is the case. What more could that system do?
Next thing you know, you'll tell me that power lines can be used to provide high speed internet to devices, and it's relatively simple to use any USB device to do things, just like your keyboards as well as your microphones and cameras, even when you think they're off.
oh
wait
it is
-- Tigger warning: This post may contain tiggers! --
Apparently, these US companies have nobody left that understands technology. Such an attack would be both ineffective and far, far more expensive than other possibilities. Requires some minimal actual knowledge of IT security to see that though, but all these people seem to have is irrational fear.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
the bump could be a ferrite. it could be a tap. easy enough to cut off the insulation on X number of cords and see what's there. or soak them in methylene chloride for a while.
if this is supposed to be a new economy, how come they still want my old fashioned money?
So, if you want to be paranoid, you have to ban everything made in China.
Why China? China is only suspected of using consumer electronics to spy whereas we actually know for certain that the US government has been using consumer electronics to spy on people.
Well power chords are impossible to overlook. They just go on and on. You could take a nap during one.
Nobody is spying via hacked power cords. It does not make sense technologically. Like at all.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
ICD-10 Diagnose Code: F60.0
Cause: a result of an underlying belief that other people are hostile [and long time spying on others] in combination with a lack in self-awareness
Treatment: hard to treat, i.e. a terminal illness.
This is the proper level of "paranoia" required to keep data secret! However, US tech companies should also be having the realization that they need to stop selling/enabling insecure products because the buyers may end up being their workers. Hack a worker's wireless printer via internet (easy), move laterally via bluetooth to their smartphone (outdated and insecure) and you have a remote surveillance device in your "secure" workplace. Each step of insecurity brought to you by good ol' US tech companies.
There is so much insecurable crap in computers and products that it's going to be a monumental task to actually secure companies. Sure hope PS/2 keyboards and mice are coming back into fashion because USB is a security nightmare.
You reap what you sow, US tech companies!
Anons need not reply. Questions end with a question mark.
... proud that their country hosts hackers that are the envy of the world. There are major roles in movies that glamorize the nerdy hacker.
The USA, meanwhile, represents the gullible victim.
It little behooves the best of us to comment on the rest of us.
Nobody is spying via hacked power cords. It does not make sense technologically. Like at all.
Well, nobody is spying via hacked power cords alone. You could hide a MCU with wifi and a camera and/or mic in one easily enough, but it would have to have a network to connect to... And nobody's dumb enough to have open networks in their corporation connected to the internet, right? RIGHT? Hmm... no, they probably are. So it makes at least a little sense.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
... from the same "reliable" sources that still owe us a presentation of the spy-chips on the SuperMicro boards?
I'm not so sure about that. Everything needed to connect to a WiFi network could be hidden in a power cable, both easily and cheaply. Once powered, the "SmartCable" could look for an open network, or use known exploits to attack a secure WiFi network. There would be plenty of time. If it ever successfully connects, it could report home, do a firmware update, and wait for commands. Throw tens of thousands of these cords into the markets of your target, and some of them are bound to turn up something juicy.
The only problem would be that this would be easy to find. A dumb power cord really shouldn't have an MCU. Once there was evidence of this going on, trust in anything manufactured in China would fall substantially.
But this is all conspiracy theory until someone finds some hard evidence, but the fact that some tech firms are taking actually switching suppliers definitely gives me pause.
Nobody is spying via hacked power cords. It does not make sense technologically. Like at all.
Well, nobody is spying via hacked power cords alone. You could hide a MCU with wifi and a camera and/or mic in one easily enough,
Actually, that would be pretty hard. The problem is ironically that you need power and even a small PSU needs a transformer of a size that is not easily hidden because you cannot use mains power directly. Also, the PSU will be less efficient because of it small size and hence heat up and that is noticeable. And said PSU will create interference. And it will be easy to find by measuring capacitance between wires. And some other potential problems I am currently to lazy to examine in detail. Placing something like that in an USB cord is relatively easy, but in a power cord it is not.
No, sorry. The idea is a pure amateur-level fantasy. Any reasonably competent engineer will go for other options.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
You may not be, but I am sure. This does not make sense, both directly because of severe problems and limitations and indirectly because other options are better. Now, hiding such things in a power adapter, for example, that is something else. But plugs and cords? No. Pure amateur-level fantasy.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Placing something like that in an USB cord is relatively easy, but in a power cord it is not.
If they've got supposed ferrite beads, the transformer is easily placed there. You also don't actually need a transformer. You would be able to find it by measuring capacitance, but you would have to be looking for it.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
For a power cord, you need the transformer. The only other option (high-voltage capacitor and mains-voltage level circuitry) is even larger and produces a lot more heat. And no, you cannot re-purpose a ferrite bead for that, the geometry is wrong. You seem to be forgetting that you have 3 rather thick copper wires in there and one of them is at mains voltage.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
No, you don't need a transformer. A capacitor, bridge rectifier and a linear regulator will very easily power an MCU and embedded wireless device. I've designed and built such a power supply for actually products you can buy off the shelf. They are very cheap, reliable, reasonably efficient, small, and make almost zero EMC noise. You only need a transformer if you want the output to be isolated from mains.
Is there really that much difference between China and Taiwan if China were going to have a backdoor installed into a product? (I'm not trying to start a debate on whether Taiwan is or isn't a part of China. Just pointing out that China's influence isn't that much reduced there.) If you were wanting to be protect yourself from Chinese backdoors then it would be better to choose one of the many other low cost production countries. Especially for something as simple as a power cord.
However, this sounds like another BS don't trust the Chinese stories put out by the US government in order to further weaken trade between the two countries. The problem is these don't trust the Chinese government and businesses start becoming shortened to don't trust Chinese and it becomes ingrained into the nation if done for long enough.
Bloomberg's test units were sabotaged in-transit in an obvious way in order to specifically discredit Bloomberg and their testing methodology and their supply chain so that when a story like this later comes out nobody will believe it.
IN PRISON WITHOUT A TRIAL.
You seem to have lost the point here. We were talking about using consumer electronics to spy. However, since you do bring it up while it does do this on the same scale as China the US's record is pretty abysmal.
Despite your continuing genocide and oppression the world over not everyone is out to get you. So calm down and take some of what ever your pharmaceutical industry is pushing the most currently.
The NSA is the telco down the street.
China still has to use wider US networks to get the data in and out.
Domestic spying is now "Benign Information Gathering"
https://spyassociates.com/usb-...
And they will be even larger and produce more heat than a transformer. You really are clueless how things actually work.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
USB connectors are easy for this. Mains power connectors and cords are not.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
I don't need to. I know about that project for around 30 years. The thing discussed in this story is not a TEMPEST attack.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.