[cryptography] evidence for threat modelling -- street-sold hardware has been compromised

Steve Weis steveweis at gmail.com
Wed Jul 31 17:35:28 EDT 2013


For what it's worth, Australia's Department of Defence calls the AFR
article "factually incorrect" and says there is no ban on Lenovo
hardware:
http://news.defence.gov.au/2013/07/30/media-articles-in-the-australian-financial-review-27-and-29-july-2013/

On Tue, Jul 30, 2013 at 4:07 AM, ianG <iang at iang.org> wrote:
> It might be important to get this into the record for threat modelling.  The
> suggestion that normally-purchased hardware has been compromised by the
> bogeyman is often pooh-poohed, and paying attention to this is often thought
> to be too black-helicopterish to be serious.  E.g., recent discussions on
> the possibility of perversion of on-chip RNGs.
>
> This doesn't tell us how big the threat is, but it does raise it to the
> level of 'evidenced'.
>
>
>
> http://www.afr.com/p/technology/spy_agencies_ban_lenovo_pcs_on_security_HVgcKTHp4bIA4ulCPqC7SL
>
> Computers manufactured by the world’s biggest personal computer maker,
> Lenovo, have been banned from the “secret” and “top secret” networks of
> the intelligence and defence services of Australia, the US, Britain, Canada,
> and New Zealand, because of concerns they are vulnerable to being hacked.
>
> Multiple intelligence and defence sources in Britain and Australia confirmed
> there is a written ban on computers made by the Chinese company being used
> in “classified” networks.
>
> The ban was introduced in the mid-2000s after intensive laboratory testing
> of its equipment allegedly documented “back-door” hardware and “firmware”
> vulnerabilities in Lenovo chips.
>
> ...

