
China

How China rips off the iPhone and reinvents Android - The Verge
2018 will go down as the year when it became impossible to ignore the increasing advancements of Chinese smartphone hardware, from superlative camera arrays and super-speed charging to in-display fingerprint scanners and creative ways to stretch the display across as much of the front of the phone as possible. In a year that has seen Apple, Samsung, and now Google deliver iterative design updates to their flagship phones, devices like the Oppo Find X, Huawei P20 Pro, and Vivo Nex will be particularly memorable for their sheer gadgety appeal.
newswire  android  china  design 
7 hours ago by kejadlen
Another Bloomberg Story about Supply-Chain Hardware Attacks from China - Schneier on Security
Bloomberg has another story about hardware surveillance implants in equipment made in China. This implant is different from the one Bloomberg reported on last week. That story has been denied by pretty much everyone else, but Bloomberg is sticking by its story and its sources. (I linked to other commentary and analysis here.)
Again, I have no idea what's true. The story is plausible. The denials are about what you'd expect. My lone hesitation to believing this is not seeing a photo of the hardware implant. If these things were in servers all over the US, you'd think someone would have come up with a photograph by now.
EDITED TO ADD (10/12): Three more links worth reading.
amazon  apple  china  chip  hack  privacy  security  server  supply_chain 
10 hours ago by rgl7194
TaoSecurity: Network Security Monitoring vs Supply Chain Backdoors
On October 4, 2018, Bloomberg published a story titled “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies,” with a subtitle “The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.” From the article:
Since the implants were small, the amount of code they contained was small as well. But they were capable of doing two very important things: telling the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code; and preparing the device’s operating system to accept this new code. The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off.
Companies mentioned in the story deny the details, so this post does not debate the merit of the Bloomberg reporters’ claims. Rather, I prefer to discuss how a computer incident response team (CIRT) and a chief information security officer (CISO) should handle such a possibility. What should be done when hardware-level attacks enabling remote access via the network are possible?
amazon  apple  china  chip  hack  privacy  security  server  supply_chain 
10 hours ago by rgl7194
More commentary on China, Apple, and supply-chain hacking | Mac Virus
Following up the previous story Supply chain hacking: bull in a China shop? [updated]…
[Additional: Motherboard – The Cybersecurity World Is Debating WTF Is Going on With Bloomberg’s Chinese Microchip Stories]
Paul Ducklin for Sophos: Apple and Amazon hacked by China? Here’s what to do (even if it’s not true) – more useful than most of the commentary I’ve seen!
amazon  apple  china  chip  hack  privacy  security  server  supply_chain 
10 hours ago by rgl7194
Government Perspective on Supply Chain Security - Schneier on Security
This is an interesting interview with a former NSA employee about supply chain security. I consider this to be an insurmountable problem right now.
amazon  apple  china  chip  hack  privacy  security  server  supply_chain 
10 hours ago by rgl7194
Bloomberg blunder highlights supply chain risks - Malwarebytes Labs | Malwarebytes Labs
Ooh boy! Talk about a back-and-forth, he said, she said story!
No, we’re not talking about that Supreme Court nomination. Rather, we’re talking about Supermicro. Supermicro manufactures the type of computer hardware that is used by technology behemoths like Amazon and Apple, as well as government operations such as the Department of Defense and CIA facilities. And it was recently reported by Bloomberg that Chinese spies were able to infiltrate nearly 30 US companies by compromising Supermicro—and therefore our country’s technology supply chain.
If you’ve been trying to follow the story, it may feel a bit like this...
amazon  apple  china  chip  hack  privacy  security  server  supply_chain 
10 hours ago by rgl7194
Daring Fireball: 'Your Move, Bloomberg'
Washington Post media critic Erik Wemple:
Sources tell the Erik Wemple Blog that the New York Times, the Wall Street Journal and The Post have each sunk resources into confirming the story, only to come up empty-handed. […]
The best journalism lends itself to reverse engineering. Though no news organization may ever match the recent New York Times investigation of Trump family finances, for instance, the newspaper published documents, cited sources and described entities with a public footprint. “Fear,” the recent book on the dysfunction of the Trump White House, starts with the story of a top official removing a trade document from the president’s desk, an account supported by an image of the purloined paper.
Bloomberg, on the other hand, gives readers virtually no road map for reproducing its scoop, which helps to explain why competitors have whiffed in their efforts to corroborate it. The relentlessness of the denials and doubts from companies and government officials obligate Bloomberg to add the sort of proof that will make believers of its skeptics. Assign more reporters to the story, re-interview sources, ask for photos and emails. Should it fail in this effort, it’ll need to retract the entire thing.
amazon  apple  china  chip  hack  privacy  security  server  supply_chain  daring_fireball 
10 hours ago by rgl7194
Should Bloomberg retract? | Mac Virus
John Gruber cites Amazon Web Services CEO Andy Jassy’s tweet while considering Bloomberg’s decreasingly convincing insistence on the Apple/Amazon/etc. supply chain story: AWS CEO ANDY JASSY: ‘BLOOMBERG SHOULD RETRACT’
I have to agree: Bloomberg’s position is not looking very tenable.
amazon  apple  china  chip  hack  privacy  security  server  supply_chain 
10 hours ago by rgl7194
