Backdoors in Lenovo equipment prompt classified network ban by 5 governments
Laboratory testing of Lenovo's PCs and other equipment allegedly found backdoors in its hardware and firmware vulnerabilities in its chips, which has led to the equipment being banned from classified networks by five governments, the Australian Financial Review reports.
The ban was put in place by the United States, the United Kingdom, Canada, Australia and New Zealand in the mid-2000s after testing allegedly found the security holes, intelligence and defense sources confirmed to the publication.
However, the Australian Department of Defence said it does not have a ban in place for Lenovo PCs or other equipment for its classified networks.
Lenovo is the leading supplier of PCs in the world, according to the latest stats from Gartner. Lenovo controls 16.7 percent of the PC market, shipping 12.7 million PCs in the second quarter of 2013.
Lenovo, which is partially owned by the government's Chinese Academy of Sciences, acquired IBM's (NYSE: IBM) PC business for $1.25 billion in 2005.
According to sources consulted by AFR, British intelligence agencies' labs conducted testing that found the vulnerabilities in the Lenovo equipment. "Malicious modifications to Lenovo's circuitry--beyond more typical vulnerabilities or 'zero-days' in its software--were discovered that could allow people to remotely access devices without the users' knowledge," the report noted.
IBRS security analyst James Turner told AFR that hardware backdoors are difficult to detect, if well designed. "Most organizations do not have the resources to detect this style of infiltration. It takes a highly specialized laboratory to run a battery of tests to truly put hardware and software through its paces. The fact that Lenovo kit is barred from classified networks is significant, and something the private sector should look at closely," he cautioned.
Lenovo denied that its equipment has security holes and said it was unaware of the ban, according to a statement obtained by AFR. The company asserted that its "products have been found time and time again to be reliable and secure by our enterprise and public sector customers and we always welcome their engagement to ensure we are meeting their security needs."
This article was updated on Aug. 24 to include the Australian government's denial that it has a ban of Lenovo equipment for its classified networks.