[cryptography] evidence for threat modelling -- street-sold hardware has been compromised

ianG iang at iang.org
Wed Jul 31 04:19:44 EDT 2013

On 31/07/13 03:52 AM, Peter Gutmann wrote:
> Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de> writes:
>> If you trust anonymous leaks to the Financial Review by members of your
>> favourite spying agency network, then I guess its "evidence".
> More importantly, look at the dates:
>    The ban was introduced in the mid-2000s after intensive laboratory testing
>    of its equipment allegedly documented 'back-door' hardware and 'firmware'
>    vulnerabilities in Lenovo chips.
> In the mid-2000's, Lenovo PCs were still IBM Thinkpads (the sale to Lenovo
> happened in 2005).  ZOMG!  IBM backdoored them, not the Chinese!  And to think
> that they've always been the most patriotic of computer manufacturers (Watson
> turned IBM over to the USG in both WWI and WWII).  It was all a trick!

On IBM's watch, right.  But the Thinkpads were manufactured by Lenova in 
China well before that;  what IBM sold was the franchise & rights.

Did they discover, as did google, that they had lost control of the 
situation, and easing out was the better deal?

> So either the analysis found completely normal design features in IBM parts,
> or it's the usual USG paranoia about the Chinese.  Yawn.  Next story about the
> Yellow Peril due in six to eight weeks.  Lather, rinse, repeat.

It's definitely a Yellow Peril story, as well as whatever else it might 
be.  Some context:

This came out of Australia.  There (from memory) the government has 
embarked on the project to get 93% of all homes connected with fiber. 
This is the biggest infra project ever financed by the government in AU, 
and is a political make-or-break deal.  It's big enough to topple the 
government, and the price is big enough to move the government from 
safest in the world into budget impaired land [0].

The opposition is making a lot of hay over the fiber project. 
Especially, as their #2 man is an Internet ISP squillionaire, and he is 
tech & business competent.

Here's the crux:  *The government banned Huawai out of the backbone 
work*.  Huawai hasn't taken this lying down, and has cozied up to the 

So the revelations about Lenova are being clearly created to protect 
this situation.  They are not lightly made, these are 
politically-instructed leaks.  I'd suggest that the claims made to AFR 
as "leaks" had better be true & reliable, otherwise the leaks are going 
to effect the government's credibility in the overall scheme of things.


[0] Especially, note that the economy of AU is driven by mining which is 
driven by China.  As China stalls, so does AU, and its super-clean "wot 
crisis?" reputation slips into the mud.  Poignant...

> Peter.
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography

More information about the cryptography mailing list