Hardware Analysis - Re: Made in China, a security risk?

Re: Re: Made in China, a security risk?

Kieran Blenkarne — 2008-07-01T05:19:26-05:00

What about a unique MAC address for every piece of hardware sold? Once installed, activate the MAC address online to the manufacturer.

Re: Re: Made in China, a security risk?

Pedro Fortuny Ayuso — 2008-04-22T14:21:21-05:00

Signing the firmware and updating just after receiving the hardware.

That is a possible solution (well, a possible way to detect counterfeit hardware), and not expensive at all. I guess that ought to be common practice by now.

Pedro.

Re: Re: Made in China, a security risk?

Lawrence O. Wilson — 2008-04-16T20:38:06-05:00

Computers play a major role in Americas national defemse, security, economy, and yet America does not produce neither computers are ANY of their parts. America has given her entire manufacturing infrasture to China or other countries! So now America has to depend up other countries for her well being!

Why should Americas be buy dog food from other nations? Why are our school supplies being printed in China? Why are the toys Americans buy for their children be made in China?

All of the major countries on this earth maintain huge armys and their military infrastructure, WHY? Does it make any kind of sense to be come dependent upon a foreign country for your security and well being? As far as China is concerned, how easily and quickly everyone seems to have forgotten that when one of our military air craft made an emergency landing on their soil, they TOOK the crew as prisoners, held them against their will and it required the president of the US, begging to get them back! Not only that, they completely took apart the aircraft, looking for any thing that they could use from a military point! We were not at war with China, we supported their country during the second world war and many Americans died on her lands fighting the Japanese.

How stupid is America? We have no right to complain to China about substandard food products purchased from them! America feed the world after the second world war, we have some of the richest farm lands in the world, and we had the worlds best farming infrasture. America does not need any country to produce food products, toys, computers, tooth paste, iron/steel, TV, audio, anything!

America has show herself ro be willing to be at the mercy of the world for one more dollar!
In 1961 the world coveted the US Dollar, to day, no foreign country wants to even be bothered with it. America is in billions of dollars in debt to other countries, that means America has neither the Goods, services or gold to pay for the dollars printed or contracts signed.

Why are we buying and depending upon China? Greed has opened a huge wound and the lack of intergity is preventing healing!

24 years in the US Military, two times in Vietnam. If you have not wore the uniform or carried the weapon -------!

Re: Re: Made in China, a security risk?

Kenny Perryman — 2008-04-14T18:04:15-05:00

A buddy of mine in IT for the Air Force was telling me a while ago about some chineese built laptops that were sending a lot of data back to china. He said they had some extra Ics in them. I can't vouch for the validity but the Air Force is worrried if their telling this to their IT people.

Re: Re: Made in China, a security risk?

Kenny Perryman — 2008-04-14T18:01:05-05:00

Re: Re: Made in China, a security risk?

varun rao — 2008-04-09T16:38:57-05:00

"As a polite comment. Sander, while you have a valid point regarding the security risks of using counterfeited routers and switches, I think the title of your article is a little too broad and ambiguous. It could create unnecessary, bias and controversial discussions, that could cross the line of the fair use policy set forth for this site. It is preferably, if you can specify it's routers and switches that you're talking about in the tiltle, such as "Counterfeited Network Hardware, a Security Risk?" Thank you"

Sander I think the man has a point. China manufactures parts for BIG corps and they work perfectly fine. They are all made to specifications and quality standards that are in tune with what the respective manufacturers implement anywhere in the world.
Counterfeit hardware exists everywhere, Its a global menace and China is not the only source.

Re: Re: Made in China, a security risk?

john albrich — 2008-04-09T11:12:12-05:00

Stuart K said:

...The motive of a manufacturer of counterfeit equipment is almost certainly just to make money selling it...

That is true of the commercial-only sector, but in many countries virtually every tech company has ties to their government, and often their military.

In the past, even the US has been accused of designing hardware components to circumvent computer security and/or to facilitate remotely prosecuting computer warfare in other countries, including allies.

One can make a profit and pursue intelligence and military objectives at the same time...and when your company exists solely at the day-to-day discretion of the ruling party, dictator, junta, parliament, etc, you have one hell of an incentive to cooperate.

Re: Re: Made in China, a security risk?

RAJEEV VASU — 2008-04-05T18:18:27-05:00

Dear Sander Sassen,

I was surprised when I saw your article.I was thinking in the same line.The threat is real.
Recently, my friend asked my help.He is having broadband connection and using a chineese made router for the connection.His problem was, though network connection is established and UL and DL are showing, no page is connecting through IE.. At first I thought it was browser hijacking.Soon, I realised it was not hijack but something fishy about the router.I tried to web manage the router by typing http://192.168.1.1 but the same usual IE error message telling the page can not be connected.I was frustrated.At last I found a suspecious item in start -up which was in unknown language (looks like chineese).I removed it and restarted the PC.This time I could access the router.The first thing I noticed was that my friends user name and password (provided by the internet service provider )fed into the router was found replaced with some other user name and password.I changed back it to the original and now he is having no problem connecting to the web.I don't know what sort of hacking these and how the hacker is benefitted by it.I am still searching for more information about such threats.

Thank you.

- Rajeev

Re: Re: Made in China, a security risk?

Brendan Falvey — 2008-04-05T04:24:18-05:00

All the issues that Sander are valid.

Whose worried about China the Uncle Sams boys at the NSA in the Good Ole USofA have been at it since the late 1990's. I read an article where someone had found several undocumented APIs for NT whose sole purpose seemed to be to circumvent encrypted data on the disk.

I am sure that some characters in the current US administration would not be above using any such information gained for commercial advantage rather than the intended national security. Where does national security start and finish since trade is a cornerstone of national interests and must be secured.

I have come across obscure references over the years that would suggest most national governents given the opportunity will resort to such skullduggery.

Do not trust any of the B@#ta^ds!

Re: Re: Made in China, a security risk?

Hugh Scriven — 2008-04-05T03:38:36-05:00

Do you believe those kinds of efforts referred to below are unique to the peoples of China and India?

It's more than probable that whatever "data mining" techniques are now in practice on the Web have proliferated from a common origin.

Once the cat is out of the bag, others are free to analyze and emulate.

Are we still clinging to the belief that the Economic Environment in America is the model of ethics and honesty for all the World to admire?

Has Caveat Emptor and Due Diligence gone out of vogue?

<Quote>
"China and India have been getting a major foothold on various methods of fraud and data mining through mainly the internet. Using faulty sales sites, posting fake ads on places like craigslist, using numerous dating sites to promote faulty webcam spam, and more datamining. This just goes to show us the extent they will go to fullproff their methods of data mining and high level fraud."
<End of quote>

With the incredibly sophisticated analytical tools available to Systems Techs today, a properly thorough "shakedown" should readily identify any Security Holes or Technological Threats.

Re: Re: Made in China, a security risk?

FingerMeElmo87 — 2008-04-04T20:45:13-05:00

darkstar7 said:

The ability to bring Western (or any other) civilization to its knees would be a validation of their superiority.

because they have small wee-wee's thats why they try to show other countries up

Re: Re: Made in China, a security risk?

Laptop Willie — 2008-04-03T19:57:22-05:00

Dave Van Amburg said: [quote]Lowest priced vendor is an oxymoron:

This has been a problem for the military (government) for just about forever. In the 60's I was a PMEL tech (Precision Measuring Equipment Lab). We were the guys who repaired and calibrated to NBS standards all the test equipment used in repair and maintenance of USAF (and some Army) equipment and systems).

This is what happens to any government or business when the view is the bottom line. Dave, I must say I got a lot of use out of the equipment you calibrated. I was stationed at Keesler AFB and was in charge of preparing the test equipment going to PMEL. for the ATC Radar section. Thanks for your service.

Re: Made in China, a security risk?

Dave Van Amburg — 2008-04-03T19:44:07-05:00

Lowest priced vendor is an oxymoron:

This has been a problem for the military (government) for just about forever. In the 60's I was a PMEL tech (Precision Measuring Equipment Lab). We were the guys who repaired and calibrated to NBS standards all the test equipment used in repair and maintenance of USAF (and some Army) equipment and systems).

I wound up being the 'go to guy' for Oscilloscopes in our shop. The AF and Army had purchased a large number of 'knock-off' oscilloscopes based upon the Tektronix 500 series that were built by Hickok and others. The knock-offs were far less reliable and harder to calibrate than the originals. While some of these worked well others were impossible to bring up to spec.

In addition, parts for the scopes were also sourced from the lowest cost vendor. This posed additional problems and some rather expensive work-arounds. For example, the CRTs produced by Tektronix were of excellent quality, never a problem to replace and calibrate and covered by a year long warranty in case one did fail. At the time, Tektronix charged the military about $230 for a replacement CRT. The military procured replacements from a company called Jettronics (sp) who sold their version for about $90. It routinely required installing and testing 15-30 of these knock-offs to find one that would calibrate. I actually documented this over a 6 month period. The average was 9.nn per repair resulting in a net cost of approximately $840 parts cost per repair not counting roughly 3 lost man hours per bad part. Repair using the Tektronix CRTs required approximately 4 man hours and 1-$230 part. The work-around I discovered was when the local supply chain ran out of the knock-off CRTs to order 4 or 5 Tektronix CRTs direct from Tektronix (permissible when you couldn't get stock through channels).

We used the stock of Jettronic CRTs to 'repair' the Army's stock of knock-off scopes that would not calibrate to specs no matter how many parts you replaced. The guts of the units were so bad that even with a Tek CRT you couldn't meet specs and the 'bad' Jettronics CRTs didn't degrade their best performance.

And to think these were the scopes being used to work on the Nike-Hercules nuclear tipped air defense systems protecting our cities and military installations at the time.

Re: Re: Made in China, a security risk?

byron keathley — 2008-04-03T19:27:37-05:00

This is a real risk, although it seems everyone is trying to deny China as the culprit, or call this some kind of racism, It is true. China and India have been getting a major foothold on various methods of fraud and data mining through mainly the internet. Using faulty sales sites, posting fake ads on places like craigslist, using numerous dating sites to promote faulty webcam spam, and more datamining. This just goes to show us the extent they will go to fullproff their methods of data mining and high level fraud.

Re: Re: Made in China, a security risk?

Laptop Willie — 2008-04-03T18:19:51-05:00

While I do agree that counterfeit goods present a problem to the security of our country as a whole, It would appear that our greatest security problems come from within. Case in point, the lost or stolen laptops with security information from the IRS and VA personnel's homes. It would appear that governmental security procedures of the past has gone lax.
In many cases the companies, with government contracts, do in fact buy these counterfeits and install them in their most sensitive areas. Many digital products are included in the counterfeits. It would also appear it is time to lower the boom on those who do not follow security procedures.

One thing I learned from twenty three years in the U. S. Air Force is that for every security measure, there is a countermeasure and even a counter-countermeasure. This has been going on from the beginning of the first armed conflict. Security procedures that are not followed put us all at risk.

Counterfeit items of any kind will always be with us. The security procedures we follow must include some type of monitoring measures.