This article was published on July 26, 2013

Spy agencies reportedly have a long-standing ban on Lenovo PCs due to back-door vulnerabilities [Update]


Spy agencies reportedly have a long-standing ban on Lenovo PCs due to back-door vulnerabilities [Update]

Spy agencies in the UK, Australia and the US have internally banned using Lenovo PCs because of remote access vulnerabilities that were discovered during testing, a new report from the Australian Financial Review alleges.

Update: Lenovo has declined to provide comment, but it did point to a notice from the Australian Department of Defence denying the existence of a ban:

Reports published on 27 and 29 July 2013 in the Australian Financial Review allege a Department of Defence ban on the use of Lenovo computer equipment on the Defence Secret and Top Secret Networks.‪ ‪

This reporting is factually incorrect. There is no Department of Defence ban on the Lenovo Company or their computer products; either for classified or unclassified systems. ‪

Chinese technology firms have long attracted suspicion from international governments, with telecommunications firms Huawei and ZTE recently coming under suspicion in both the US and UK. Lenovo has grown to become one of the top PC makers, but its popularity with consumers hasn’t translated over to classified government networks.

The ban is believed to extend across the “Five Eyes” group of nations, which includes Australia, Canada, New Zealand, the UK and the US, because their respective intelligence agencies have linked their networks.

While Lenovo hasn’t gone after the required security certifications needed to provide hardware to some of these agencies, AFR’s report suggests there’s more to the situation.

According to the paper, intelligence sources confirmed the ban was instituted in the mid-2000s “after intensive laboratory testing of its equipment allegedly documented “back-door” hardware and “firmware” vulnerabilities in Lenovo chips.”

Details on the discoveries remain classified, but the vulnerabilities allegedly could provide remote access to intruders.

Also of concern is the extent of Lenovo’s ties with the government. China’s Academy of Sciences has a substantial stake in Legend Holdings, Lenovo’s largest shareholder.

Lenovo didn’t immediately respond when contacted by The Next Web, but the company did tell AFR that it did not know of the spy agency ban.

Part of the deep-rooted suspicion of Chinese hardware may come from Western governments’ own interest in creating back doors in their own hardware. For instance, security expert Professor Farinaz ­Koushanfar told AFR that she had “personally met with people inside the NSA who have told me that they’ve been working on numerous real-world cases of malicious implants for years.” France was also believed to be working on kill switches for its military equipment.

Given that most of this is locked up as classified, we probably won’t ever find out what’s really going on here. Still, given the recent revelations of the deep surveillance structures created by the likes of the NSA, it’s hard not to look at all our technology with a bit of mistrust.

See also: Here’s the letter Apple, Google, Microsoft and others sent to the US government over data requests and UK’s Intelligence and Security Committee says GCHQ is accessing the NSA’s PRISM programme legally

Image credit: Philippe Lopez / Getty Images

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with