Lenovo (HKG:0992) Computers Are Banned By Defense Networks In US, Britain, Australia, Canada And New Zealand
By
Sophie Song
Computers manufactured by Lenovo Group Limited (HKG:0992), the world’s biggest
personal computer maker, have been banned from the “secret” and “top-secret” networks of the intelligence and defense services of Australia, the United States, Britain, Canada and New Zealand, due to hacking concerns.
The written ban on computers made by the Chinese firm being used in “classified” networks is confirmed by multiple intelligence and defense sources in Britain and Australia, according to the
Australian Financial Review.
The ban was introduced in the mid-2000s, after Lenovo chips were allegedly found with “back-door” hardware and “firmware” vulnerabilities following intensive laboratory testing. An Australian Department of Defense spokesman confirmed that Lenovo products have never been accredited for Australia’s classified networks.
The ban highlights concerns of security threats posed by “malicious circuits” and insecure firmware in chips produced by Chinese companies with close government ties. Firmware is the interface between a computer’s hardware and its operating system.
Related
The Chinese Academy of Sciences, a government entity, owns 38 percent of Legend Holdings, which in turn is the largest shareholder in Lenovo with 34 percent of the computer maker.
Lenovo, headquartered in Beijing, acquired IBM’s personal
computer business in 2005, after which IBM continued to sell servers and mainframes that were accredited for secret and top-secret networks. A Defense spokesman said Lenovo had never sought accreditation.
Members of the British and Australian defense and intelligence communities said that malicious modifications to Lenovo’s circuitry – beyond more typical vulnerabilities or “zero-days” in its software – were discovered, which could allow remote access without device users’ knowledge. The alleged presence of these hardware “back doors” remains highly classified, according to the
Australian Financial Review.
In a statement, Lenovo responded that it was unaware of the ban. The company said its “products have been found time and time again to be reliable and secure by our enterprise and public sector customers and we always welcome their engagement to ensure we are meeting their security needs.”
Lenovo remains a significant supplier of computers for “unclassified” government networks across Western nations, including Australia and New Zealand’s defense departments.
Hardware back doors are very hard to detect if they are well-designed, according to James Turner, an IT security analyst at IBRS, a technology research firm. They are often created to look like a minor design or manufacturing fault, and to avoid detection, they are often latent until activated by a remote transmission.
“Most organizations do not have the resources to detect this style of infiltration. It takes a highly specialized laboratory to run a battery of tests to truly put hardware and software through its paces,” Turner said. “The fact that Lenovo kit is barred from classified networks is significant, and something the private sector should look at closely.”
The ban is part of a long series of security concerns from Western countries with Chinese-made electronics. In 2006, the U.S. State Department decided not to use 16,000 new Lenovo computers on classified networks because of security concerns. The change in procurement policy was attributed to anti-China trade sentiment after Lenovo’s acquisition of IBM’s
PC business.
The U.S. government has repeatedly admonished U.S. businesses not to use electronics manufactured by Huawei Technologies, another major Chinese manufacturer. Last week, the former head of the CIA and NSA, Michael Hayden, alleged that Huawei spies for the Chinese government. Huawei officials and China’s Australian embassy strenuously denied these claims, according to the
Australian Financial Review.
