Reports: Lenovo Investigating Classified Network Ban in Five Countries
Chinese PC maker Lenovo is investigating an alleged longstanding ban on use of its products by intelligence and defense agencies in the United States and four other countries over concerns that its technology is particularly vulnerable to attacks by cyber criminals.
According to a report in the Australian Financial Review (AFR) picked up by the online sites IT Pro and V3, Lenovo computers have been barred from use in the intelligence and defense departments in Australia, Canada, the United Kingdom, the United States and New Zealand since the mid-2000s. Multiple agencies in the United Kingdom and Australia are said to have confirmed the existence of a written ban on the deployment of Lenovo computers in classified networks.
The ban is based on the results of lab tests that pointed to firmware vulnerabilities and other points of entry for hackers in chips produced in China by companies linked to government agencies. Lenovo is indirectly funded in part by the Chinese government—the Chinese Academy of Sciences, a government entity, owns 38 percent of Legend Holdings, which is Lenovo’s largest shareholder and owns 34 percent of the company.
British intelligence agency labs reportedly shepherded the security research effort, concluding, along with Australian officials, that “malicious modifications to Lenovo’s circuitry — beyond more typical vulnerabilities or ‘zero-days’ in its software — were discovered that could allow people to remotely access devices without the users’ knowledge. The alleged presence of these hardware ‘back doors’ remains highly classified.”
The threat is that chips intentionally and maliciously altered to contain hidden Trojan circuitry can be triggered at some later time to launch attacks. The AFR report cites sources claiming Lenovo never sought accreditation to deploy its computer products in the classified networks of the named countries.
In a statement to IT Pro, Lenovo said its products have been found “time and time again” to be suitable for business and public sector use and denied it had received notification of a ban on its products in highly classified settings in the five countries.
“As a result of the IBM PC division in 2005, we have diverse global leadership and an excellent track record in selling into the public sector globally,” Lenovo said. “We have not received word of any sort of a restriction on sales so we are not in a position to respond to that question…[but] Lenovo continues to have a strong relationship with government customers, so the claims being made are new to us. We are looking into this situation closely and we’ll be sure to share updates when available.”
Lenovo is not the first Chinese IT maker to come under scrutiny for government ties. Last year, Chinese telco equipment makers Huawei and ZTE were investigated over a potential threat they posed to U.S. interests.