Spy Agencies Have Banned Lenovo Computers, Fearing Chinese Hardware Hacks

No Thinkpad for you, NSA employee. Update: The Australian Department of Defence has denied these claims.
Lenovo Yoga 13
As a regular laptop. Real thin and light. Dan Bracaglia

Lenovo is either the world’s biggest or second-biggest PC manufacturer, depending on who you ask (the other potential is HP), and certainly one of the best. But according to the Australian Financial Review (AFR), they’ve been banned by spy agencies around the world, from the U.S. to the U.K. to Australia, because of concerns about their hackability–and where those hacks might be coming from. Lenovo, you see, is a Chinese company, and was originally created by a wing of the Chinese government.

After Lenovo acquired IBM’s PC arm in 2005, it started churning out some of the best computers on the market. Its Thinkpad line became the PC of choice for many Windows users; they totally eschewed aesthetic appeal in favor of hyper-functional, thin, and durable designs. Lately Lenovo’s been stepping up its game in the looks department, and its Yoga line is one of the best-reviewed Windows 8 laptop lines out there. The Economist has a great profile of the company, if you’re curious. But the main thing to know is that Lenovo was created by the Chinese Academy of Sciences, a governmental organization, and still retains a sizable share of Lenovo. And spy agencies are scared of China.

So the spy agencies are concerned about its lineage. Most computer hacks (including smartphones) that we cover are software hacks, affecting individual programs, services, or entire operating systems. The NSA, in particular, already has enforced limits on what Windows machines operating on classified networks can do. But the spy agencies, including the NSA and MI6, aren’t blocking all Windows machines. Instead they’re afraid of hardware exploits inserted into the production line by one specific manufacturer. Says AFR:

Members of the British and ­Australian defence and intelligence communities say that malicious modifications to ­Lenovo’s circuitry – beyond more typical vulnerabilities or “zero-days” in its software – were discovered that could allow people to remotely access devices without the users’ knowledge. The alleged presence of these hardware “back doors” remains highly classified.

These hardware hacks, which may include so-called hardware trojans (also known as “malicious circuits), could include all kinds of things, though AFR’s sources don’t specify exactly what the spy agencies are afraid of. Some hardware trojans are designed to be less reliable, causing hardware failures down the road. Some include small antennae to transmit data to an outside source.

The ban has apparently been in effect for years at some of these agencies, if only for the classified networks. One curious twist to this story is that, if we’re afraid of hardware from a Chinese company, we should probably be afraid of, um, all gadgets. Pretty much every major tech company manufactures in China, from Apple to Samsung to Microsoft, and though some companies (like Google) are trying to manufacture in the States, the vast majority of electronics still comes from Chinese factories. Are they any more trustworthy than Lenovo? Who knows?

Update: In a very brief statement posted to their website, the Australian Department of Defence (sic) called the Australian Financial Report story “factually incorrect” and stated “There is no Department of Defence ban on the Lenovo Company or their computer products; either for classified or unclassified systems.” No other defense department has responded.

[via AFR]