[cryptography] evidence for threat modelling -- street-sold hardware has been compromised
steveweis at gmail.com
Wed Jul 31 17:35:28 EDT 2013
For what it's worth, Australia's Department of Defence calls the AFR
article "factually incorrect" and says there is no ban on Lenovo
On Tue, Jul 30, 2013 at 4:07 AM, ianG <iang at iang.org> wrote:
> It might be important to get this into the record for threat modelling. The
> suggestion that normally-purchased hardware has been compromised by the
> bogeyman is often pooh-poohed, and paying attention to this is often thought
> to be too black-helicopterish to be serious. E.g., recent discussions on
> the possibility of perversion of on-chip RNGs.
> This doesn't tell us how big the threat is, but it does raise it to the
> level of 'evidenced'.
> Computers manufactured by the world’s biggest personal computer maker,
> Lenovo, have been banned from the “secret” and “top secret” networks of
> the intelligence and defence services of Australia, the US, Britain, Canada,
> and New Zealand, because of concerns they are vulnerable to being hacked.
> Multiple intelligence and defence sources in Britain and Australia confirmed
> there is a written ban on computers made by the Chinese company being used
> in “classified” networks.
> The ban was introduced in the mid-2000s after intensive laboratory testing
> of its equipment allegedly documented “back-door” hardware and “firmware”
> vulnerabilities in Lenovo chips.