US Tech Firms Fear China Could Be Spying On Them Using Power Cords, Report Says (cnbc.com) 142
An anonymous reader quotes a report from CNBC: Fearing that China could be spying on them using power cords and plugs, several U.S. technology companies have asked their Taiwanese suppliers to shift production of some components out of the mainland, Nikkei Asian Review reported on Friday. The report cited unnamed executives from two Taiwanese companies: Lite-On Technology, a manufacturer of electronic parts, and Quanta Computer, a supplier of servers and data centers. Lite-On's clients include Dell EMC, Hewlett-Packard and IBM, while Quanta counts Google and Facebook among its customers, according to Nikkei. The executives told Nikkei that some of their American clients -- without specifying which companies -- asked them to move out of China partly because of cyberespionage and cybersecurity risks. The U.S. tech firms were worried that even mundane components such as power plugs could be tapped by Beijing to access sensitive data, according to the report. According to the report, Lite-On Technology is building a new factory in Taiwan to manufacture power components for servers due to China's cybersecurity concerns. Quanta has also shifted production out of mainland China to Taiwan due to similar concerns, as well as additional tariffs imposed by Washington as a result of the U.S.-China trade war.
Valid fear. (Score:5, Interesting)
https://www.amazon.com/KJB-Security-C1184-Camera-covert/dp/B0054GQAJU
did anybody check those cords? (Score:4, Informative)
the bump could be a ferrite. it could be a tap. easy enough to cut off the insulation on X number of cords and see what's there. or soak them in methylene chloride for a while.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Comment removed (Score:4, Insightful)
Re: (Score:2)
Only if you plug this into your DVR! It's not meant to be used to actually power a laptop.
Next!
Re: (Score:2)
Why yes it is.
In more ways than one.
https://gizmodo.com/this-innoc... [gizmodo.com]
A dedicated effort could surveil a workcenter in every conceivable way, and do so VERY discretely.
If you're going to be paranoid... (Score:5, Informative)
If you're worried about power plugs, you should be worried about anything that plugs in, or even is battery powered. An office heater or fan, desk lamp, etc can spy on your power signature almost as well as the extension cord used to power things. A battery powered headset can spy wirelessly too. You could even take it a step further and suspect shoes made in China, they could contain kinetically charged batteries with spying equipment.
So, if you want to be paranoid, you have to ban everything made in China.
Re:If you're going to be paranoid... (Score:4, Interesting)
Quite a few successful ops involved giving people fans and other devices. My fave involved a lava lamp, of all things.
Re: (Score:1)
They might want to check where their tinfoil hats are made too.
Wrong target (Score:5, Insightful)
So, if you want to be paranoid, you have to ban everything made in China.
Why China? China is only suspected of using consumer electronics to spy whereas we actually know for certain that the US government has been using consumer electronics to spy on people.
Losing the point (Score:2)
IN PRISON WITHOUT A TRIAL.
You seem to have lost the point here. We were talking about using consumer electronics to spy. However, since you do bring it up while it does do this on the same scale as China the US's record is pretty abysmal [theguardian.com].
Re: (Score:2)
Re:If you're going to be paranoid... (Score:5, Insightful)
The difference is that you don't buy an office heater, fan, or desk lamp *with a server*. The scale of an operation to capture significant valuable information via desk lamps would have to be orders of magnitude larger.
Re: (Score:3)
The article talks about power cords, which are not sold "with a server" either. You could argue that cooling fans inside the server are more tied to the server than the power cord which often is purchases of the server rack than a server.
Re:If you're going to be paranoid... (Score:4, Interesting)
If you're worried about power plugs, you should be worried about anything that plugs in, or even is battery powered.
Pretty much anything you connect to your network could be used to hack into the other machines you have on that network. Even the WiFi plug I bought for my lamp has been nagging me to update the firmware it runs.
On the other hand, those WiFi outlet switch thingies are just so damn convenient... Security was fun while it lasted.
Re: (Score:1)
But not the USA, right?
Re: (Score:2)
How about... wait for it... your cell phone (gasp).
Only Americans are... (Score:5, Funny)
...allowed to spy on Americans. I'm sure that is written in the Constitution somewhere.
Re: (Score:1)
Bloomberg's test units were sabotaged in-transit in an obvious way in order to specifically discredit Bloomberg and their testing methodology and their supply chain so that when a story like this later comes out nobody will believe it.
Not that farfetched (Score:1)
Dell's rather infamous for having a chip between your power adapter and laptop that cripples your machine's performance if it determines the power adapter is either missing the appropriate wattage or the 'authentic' chip that would tell it that this is the case. What more could that system do?
Next thing you know (Score:4, Funny)
Next thing you know, you'll tell me that power lines can be used to provide high speed internet to devices, and it's relatively simple to use any USB device to do things, just like your keyboards as well as your microphones and cameras, even when you think they're off.
oh
wait
it is
Re:Next thing you know (Score:4, Informative)
Next thing you know, you'll tell me that power lines can be used to provide high speed internet to devices,
They can, but the signals don't tend to survive going through panels/breakers. Even the low-bitrate communications used in X10 home automation systems often have the same problem. If you got enough of them in your building they could bypass internal firewalls, but it's not a realistic way to get data out of a building.
Re: (Score:2)
If your mostly going for espionage for high tech and military secrets it doesn't make sense to spread a net too wide, unless your really sure you can never be caught. It would be better to have the hidden functionality but generally leave it off, until you identified some set of devices you wanted to exfiltrate data from.
Very correct. The only time you go for wide net is when it's hard to get in, and you turn someone to activate it who is inside, or to set up a repeater/translator.
This is beyond stupid. (Score:5, Insightful)
Apparently, these US companies have nobody left that understands technology. Such an attack would be both ineffective and far, far more expensive than other possibilities. Requires some minimal actual knowledge of IT security to see that though, but all these people seem to have is irrational fear.
Re: I'm not sure this should have leaked. (Score:1)
Well power chords are impossible to overlook. They just go on and on. You could take a nap during one.
Re: (Score:2)
Nobody is spying via hacked power cords. It does not make sense technologically. Like at all.
Re: (Score:2)
Nobody is spying via hacked power cords. It does not make sense technologically. Like at all.
Well, nobody is spying via hacked power cords alone. You could hide a MCU with wifi and a camera and/or mic in one easily enough, but it would have to have a network to connect to... And nobody's dumb enough to have open networks in their corporation connected to the internet, right? RIGHT? Hmm... no, they probably are. So it makes at least a little sense.
Re:I'm not sure this should have leaked. (Score:4, Interesting)
Nobody is spying via hacked power cords. It does not make sense technologically. Like at all.
Well, nobody is spying via hacked power cords alone. You could hide a MCU with wifi and a camera and/or mic in one easily enough,
Actually, that would be pretty hard. The problem is ironically that you need power and even a small PSU needs a transformer of a size that is not easily hidden because you cannot use mains power directly. Also, the PSU will be less efficient because of it small size and hence heat up and that is noticeable. And said PSU will create interference. And it will be easy to find by measuring capacitance between wires. And some other potential problems I am currently to lazy to examine in detail. Placing something like that in an USB cord is relatively easy, but in a power cord it is not.
No, sorry. The idea is a pure amateur-level fantasy. Any reasonably competent engineer will go for other options.
Re: (Score:2)
Placing something like that in an USB cord is relatively easy, but in a power cord it is not.
If they've got supposed ferrite beads, the transformer is easily placed there. You also don't actually need a transformer. You would be able to find it by measuring capacitance, but you would have to be looking for it.
Re: (Score:2)
For a power cord, you need the transformer. The only other option (high-voltage capacitor and mains-voltage level circuitry) is even larger and produces a lot more heat. And no, you cannot re-purpose a ferrite bead for that, the geometry is wrong. You seem to be forgetting that you have 3 rather thick copper wires in there and one of them is at mains voltage.
Re: (Score:1)
No, you don't need a transformer. A capacitor, bridge rectifier and a linear regulator will very easily power an MCU and embedded wireless device. I've designed and built such a power supply for actually products you can buy off the shelf. They are very cheap, reliable, reasonably efficient, small, and make almost zero EMC noise. You only need a transformer if you want the output to be isolated from mains.
Re: (Score:2)
And they will be even larger and produce more heat than a transformer. You really are clueless how things actually work.
Re: (Score:2)
I'm not so sure about that. Everything needed to connect to a WiFi network could be hidden in a power cable, both easily and cheaply. Once powered, the "SmartCable" could look for an open network, or use known exploits to attack a secure WiFi network. There would be plenty of time. If it ever successfully connects, it could report home, do a firmware update, and wait for commands. Throw tens of thousands of these cords into the markets of your target, and some of them are bound to turn up something juicy.
Re: (Score:2)
You may not be, but I am sure. This does not make sense, both directly because of severe problems and limitations and indirectly because other options are better. Now, hiding such things in a power adapter, for example, that is something else. But plugs and cords? No. Pure amateur-level fantasy.
Re: (Score:2)
https://spyassociates.com/usb-... [spyassociates.com]
Re: (Score:2)
USB connectors are easy for this. Mains power connectors and cords are not.
Re: (Score:2)
I don't need to. I know about that project for around 30 years. The thing discussed in this story is not a TEMPEST attack.
Re: (Score:2)
China still has to use wider US networks to get the data in and out.
Dianose and treatment for the USA (Score:2)
ICD-10 Diagnose Code: F60.0 [wikipedia.org]
Cause: a result of an underlying belief that other people are hostile [and long time [wired.com] spying [theguardian.com] on others [reuters.com]] in combination with a lack in self-awareness
Treatment: hard to treat [wikipedia.org], i.e. a terminal illness.
Re:Dianose and treatment for the USA (Score:5, Insightful)
Cause: a result of an underlying belief that other people are hostile [and long time spying on others] in combination with a lack in self-awareness
China is the number one thief of IP while the US is the number two thief of IP. The later fact does not negate the former.
It's not wrong for them to be concerned. Sure, it's hypocritical but it's not wrong.
Re: (Score:2)
It's not even hypocritical. US tech firms face an industrial espionage, not a foreign state attacking state secrets. In that regard when the person doing spying is the US government or another US entity there is actual legal recourse which limits commercial damage.
The same cannot be said for Chinese industrial espionage where good luck suing a Chinese company about stolen IP.
Yes! (Score:5, Insightful)
This is the proper level of "paranoia" required to keep data secret! However, US tech companies should also be having the realization that they need to stop selling/enabling insecure products because the buyers may end up being their workers. Hack a worker's wireless printer via internet (easy), move laterally via bluetooth to their smartphone (outdated and insecure) and you have a remote surveillance device in your "secure" workplace. Each step of insecurity brought to you by good ol' US tech companies.
There is so much insecurable crap in computers and products that it's going to be a monumental task to actually secure companies. Sure hope PS/2 keyboards and mice are coming back into fashion because USB is a security nightmare.
You reap what you sow, US tech companies!
Chinese should be ... (Score:2)
... proud that their country hosts hackers that are the envy of the world. There are major roles in movies that glamorize the nerdy hacker.
The USA, meanwhile, represents the gullible victim.
Was that a Bloomberg news article... (Score:5, Insightful)
Re: (Score:1)
... from the same "reliable" sources that still owe us a presentation of the spy-chips on the SuperMicro boards?
First, they scared us with their spy-chip in SuperMicro board fable. It flopped.
They then came back with 'power cord sending critical info to Chicom' fairy tale. This also flops.
I am sure they will be back again. Maybe this time they will put everything in, including Pen, Pencils, Erasers, Plastic Lego Bricks (now being manufactured in China), and of course, they will throw in that famous Kitchen Sink to make their story stick.
Is there really that much difference (Score:3)
Is there really that much difference between China and Taiwan if China were going to have a backdoor installed into a product? (I'm not trying to start a debate on whether Taiwan is or isn't a part of China. Just pointing out that China's influence isn't that much reduced there.) If you were wanting to be protect yourself from Chinese backdoors then it would be better to choose one of the many other low cost production countries. Especially for something as simple as a power cord.
However, this sounds like another BS don't trust the Chinese stories put out by the US government in order to further weaken trade between the two countries. The problem is these don't trust the Chinese government and businesses start becoming shortened to don't trust Chinese and it becomes ingrained into the nation if done for long enough.
Re:Is there really that much difference (Score:4, Insightful)
The US has been making up various accusations against China pretty much after the collapse of the Soviet Union. (Before then, the US betrayed Taiwan and fell in bed with the "Chinese communist" in order to fight the all powerful SU.) The Americans have already been doped to say that China's evil, but their real votes are their pocket, just like they used to have the same split behavior toward the Japanese when Japan was all the rage of going to dominate the world -- after they "stole" / imitate US technology -- and the US started cracking down on the Japs. We should thank the self-contradiction of the public, else the world would have fought a lot more wars.
(Before the Japanese, the British treated Americans as thefts for the same IP theft accusations. History always repeats itself.)
US Calm down. (Score:2, Insightful)
Despite your continuing genocide and oppression the world over not everyone is out to get you. So calm down and take some of what ever your pharmaceutical industry is pushing the most currently.