[cryptography] evidence for threat modelling -- street-sold hardware has been compromised
iang at iang.org
Wed Jul 31 04:19:44 EDT 2013
On 31/07/13 03:52 AM, Peter Gutmann wrote:
> Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de> writes:
>> If you trust anonymous leaks to the Financial Review by members of your
>> favourite spying agency network, then I guess its "evidence".
> More importantly, look at the dates:
> The ban was introduced in the mid-2000s after intensive laboratory testing
> of its equipment allegedly documented 'back-door' hardware and 'firmware'
> vulnerabilities in Lenovo chips.
> In the mid-2000's, Lenovo PCs were still IBM Thinkpads (the sale to Lenovo
> happened in 2005). ZOMG! IBM backdoored them, not the Chinese! And to think
> that they've always been the most patriotic of computer manufacturers (Watson
> turned IBM over to the USG in both WWI and WWII). It was all a trick!
On IBM's watch, right. But the Thinkpads were manufactured by Lenova in
China well before that; what IBM sold was the franchise & rights.
Did they discover, as did google, that they had lost control of the
situation, and easing out was the better deal?
> So either the analysis found completely normal design features in IBM parts,
> or it's the usual USG paranoia about the Chinese. Yawn. Next story about the
> Yellow Peril due in six to eight weeks. Lather, rinse, repeat.
It's definitely a Yellow Peril story, as well as whatever else it might
be. Some context:
This came out of Australia. There (from memory) the government has
embarked on the project to get 93% of all homes connected with fiber.
This is the biggest infra project ever financed by the government in AU,
and is a political make-or-break deal. It's big enough to topple the
government, and the price is big enough to move the government from
safest in the world into budget impaired land .
The opposition is making a lot of hay over the fiber project.
Especially, as their #2 man is an Internet ISP squillionaire, and he is
tech & business competent.
Here's the crux: *The government banned Huawai out of the backbone
work*. Huawai hasn't taken this lying down, and has cozied up to the
So the revelations about Lenova are being clearly created to protect
this situation. They are not lightly made, these are
politically-instructed leaks. I'd suggest that the claims made to AFR
as "leaks" had better be true & reliable, otherwise the leaks are going
to effect the government's credibility in the overall scheme of things.
 Especially, note that the economy of AU is driven by mining which is
driven by China. As China stalls, so does AU, and its super-clean "wot
crisis?" reputation slips into the mud. Poignant...
> cryptography mailing list
> cryptography at randombit.net
More information about the cryptography