China Cyber Association Calls For Review of Intel Products Sold In China (reuters.com)
- Reference: 0175268661
- News link: https://it.slashdot.org/story/24/10/17/0014234/china-cyber-association-calls-for-review-of-intel-products-sold-in-china
- Source link: https://www.reuters.com/technology/cybersecurity/chinese-cyber-agency-recommends-review-intel-products-sold-china-2024-10-16/
> While CSAC is an industry group rather than a government body, it has close ties to the Chinese state and the raft of accusations against Intel, published in a long post on its official WeChat account, could trigger a security review from China's powerful cyberspace regulator, the Cyberspace Administration of China (CAC). "It is recommended that a network security review is initiated on the products Intel sells in China, so as to effectively safeguard China's national security and the legitimate rights and interests of Chinese consumers," CSAC said. [...]
>
> CSAC in its post accuses Intel chips, including Xeon processors used for artificial intelligence tasks, of carrying several vulnerabilities, concluding that Intel "has major defects when it comes to product quality, security management, indicating that it is extremely irresponsible attitude towards customers." The industry group goes on to state that operating systems embedded in all Intel processors are vulnerable to backdoors created by the U.S. National Security Agency (NSA). "This poses a great security threat to the critical information infrastructures of countries all over the world, including China...the use of Intel products poses a serious risk to national security." CSAC said.
[1] https://www.reuters.com/technology/cybersecurity/chinese-cyber-agency-recommends-review-intel-products-sold-china-2024-10-16/
They are not wrong (Score:2)
For example Intel rdrand is and remains a compromised design.
But y tho? (Score:1)
So unfair! I mean, there was only rowhammer and specter and meltdown and the entire train wreck of Intel ME. It's not like they have a track record of saying "we're too big to fail so who cares."
I have seen the same (Score:2)
I mean its not too hard to see thatâ¦. Remember the Intel whistleblower who said to be promoted to the management engine team they would need to obtain a security clearanceâ¦
Why would that be if the management engine wasnt the memory reading spy tool we all know it isâ¦
Re: (Score:2)
>> Why would that be[?]
> Erm, because it contains some "high end" capabilities (good or bad) which Intel don't want to be exfiltrated to competitors. As such, get some clearance so we know you're not likely to be bribed and so that you know how to keep your mouth shut when you're supposed to.
Security clearances do not work that way. In order to obtain (and keep) a clearance you must be working on something requiring said clearance. You can't just call up the government and say you want to get someone a TS or DoE Q clearance because you've got some trade secrets you want to protect.
Not entirely wrong. (Score:2)
> "has major defects when it comes to product quality, security management, indicating that it is extremely irresponsible attitude towards customers."
> "This poses a great security threat to the critical information infrastructures of countries all over the world, including China...the use of Intel products poses a serious risk to national security."
I would say this is a proper assessment of Intel.
> The industry group goes on to state that operating systems embedded in all Intel processors are vulnerable to backdoors created by the U.S. National Security Agency (NSA).
This gives the NSA too much credit but I understand why they might think so. The actual hardware design flaws are clearly the result of placing a priority on performance above security concerns. It would be far more plausible if the NSA provided hardware bug finding support like they do for software and MS Windows: fix the easily found stuff, keep the deep compromises secret. The NSA has a suuuper heavy focus on being undetected, so making a direct request fo
Re: (Score:2)
Given what we know about America's unconstitutional citizen spying programs and the fact that Intel is a defense contractor, I would say there is a 100% chance that the management engine has NSA backdoors. Not "created by the NSA" which is a dumb take, but "created for the NSA". Why would the NSA have to create them, when they can just send a memo and request them?
Your argument about a paper trail is unconvincing because distribution will be limited based on need to know, and the documents will be carefully
Re: (Score:3)
It's almost impossible to verify that there are no back doors in Intel's processors, or that there won't be in the future. And there certainly are parties with a motive to put in back doors. Its seems only prudent to assume that these chips are a security threat.
Re: (Score:2)
That is pretty much the same logic the Trump administration used to exclude Chinese - Huawei - tech from 5G networks. There was never any proof supplied, it was all "they could be doing this".
Interesting moves by China (Score:3)
There are many facets to this move by China. It's obviously a move by the Chinese government, as a private group wouldn't have the motivation or the courage to do this without explicit government approval.
I suppose Intel products might have backdoors, but the real intrigue is how this might play out. Is this just a bit of economic saber rattling, or is China willing to up the ante? In the case of escalation, Chinese exports would certainly be subject to similar "examinations." Or is this the response to US "examinations" of TikTok?
Clever Move (Score:2)
That's a clever move. China knows that the US is turning to intel out of concern that China could either destroy TSMC (e.g. in an invasion) or has agents who can report on vulnerabilities to them. Taking action to limit intel sales in China is an effective way to handicap the US's attempt to protect their access to high end lithography.
Sure, it's not like intel doesn't have security issues or problems. But from a security POV they are no worse than AMD and probably no worse than companies like Apple (who
Re: Clever Move (Score:1)
I was thinking the same thing. So be it. It is what it is. I do appreciate the extra eyes and hope this leads to a greater awareness and a more secure architecture for everyone.
Re: (Score:2)
> But from a security POV they are no worse than AMD
That's just not true. AMD is vulnerable to most of the same attacks as Intel, but mitigation is reliably cheaper and exploits are typically more difficult.
Re: (Score:2, Offtopic)
Indeed. But Intel has better marketing, i.e. professional liars.
Re: (Score:1)
> Indeed. But Intel has better marketing, i.e. professional liars.
They also have more numerous fanboys, who have apparently built their identities around worshipping Intel based on their simp factor 10 denial of everything wrong they have ever done. There are people out there with Intel Inside tattoos... rent free in their heads, apparently.
oh look I hurt someone's feewings (Score:3)
Intel is a public corporation, it doesn't give a shit about you and it doesn't appreciate your simping. It will happily take your money and hand it to the people you claim to despise, though
Re: (Score:2)
Indeed. I never understood that particular stupidity, until I looked into Authoritarianism. Apparently, any entity that is perceived as powerful acquires "authoritarian followers", which are non-rational and as dumb as bread. Marketing, political propaganda and personal charisma is commonly used to amplify and accelerate that effect. These followers will then aggressively defend that entity for free, up to and including murder, personal bankruptcy and the complete surrender of any rationality. This is stron
Re: (Score:3)
AMD also licences designs to Chinese manufacturers, who strip out some of the security related stuff (like the TRNG and crypto instructions) and replace it with domestic versions. The chips are produced on a larger node and don't perform as well, but they have the advantage of being domestic and thus suitable for government contracts.
There is no a general move away from x86 and US software like Windows for that sort of work anyway. ARM is popular, and MIPS has been in use for many years, and RISC V is up-an
Re: (Score:2)
I fully agree that the increasing diversity of architectures is exciting. Too long we have been dominated by x86 and then amd64 on the desktop; also for too long, there has only been one other credible enterprise architecture (POWER). The rise of ARM and RISC-V gives me hope that we will continue to see innovation despite entrenchment.
Re:Clever Move (Score:4, Informative)
> That's a clever move. China knows that the US is turning to intel out of concern that China could either destroy TSMC (e.g. in an invasion) or has agents who can report on vulnerabilities to them. Taking action to limit intel sales in China is an effective way to handicap the US's attempt to protect their access to high end lithography.
> Sure, it's not like intel doesn't have security issues or problems. But from a security POV they are no worse than AMD and probably no worse than companies like Apple (whose chips may seem more secure because information is more restricted and security researchers have fewer tools).
What does access to high end lithography equipment have to do with Intel? As far as I know most of the really top of the line lithography machines used in cutting edge chip production are made by ASML in the Netherlands (despite the Europeans supposedly having no tech industry) especially extreme ultraviolet lithography (EUV) machines. Intel is in fact heavily reliant on ASML's EUV tech for the production of high-performance chips. If the US wants to secure for itself some kind preferential access to ASML lithography tech they are going to have to take that up with the Netherlands government and ASML. That being said, I don't really see the need for this since so far the Netherlands and ASML have complied with US request for restrictions on the export of Lithography machines to China and have no issues with supplying the US with whatever it needs. If anything, ASML should consider seriously refactoring their China operations for security since their offices there have been the source of several serious IP breaches by their Chinese employees. If there is one thing the Chinese would love to do it's buy up or outright steal the IP they need for making cutting edge EUV machines. On top of that I seriously hope both European and US intelligence agencies have that company under a microscope hunting for IP thieves, that and made sure ASML's computer systems are not accessible from the internet like those of F-35 contractors because I guarantee you the Chinese in particular probably have an entire taskforce with an unlimited budget dedicated to breaching their systems and stealing their research data.
Re: Clever Move (Score:3)
Ayup, Europe has chip foundries also - more than 70. American tech writers just donâ(TM)t know about them because they donâ(TM)t understand the languages.
Re: (Score:2)
> What does access to high end lithography equipment have to do with Intel? As far as I know most of the really top of the line lithography machines used in cutting edge chip production are made by ASML in the Netherlands
That's where ASML is based, but their engineers are all over the planet. ASML is an international effort. That's why China doesn't have a hope in hell of matching them. It takes a planet.
But in response to your question, superior process technology was Intel's only technical advantage. Now that they no longer have it, they are no longer the fastest around, but they absolutely did for decades and people forget that when they try to understand how AMD has seized the performance crown.
> On top of that I seriously hope both European and US intelligence agencies have that company under a microscope hunting for IP thieves, that and made sure ASML's computer systems are not accessible from the internet like those of F-35 contractors because I guarantee you the Chinese in particular probably have an entire taskforce with an unlimited budget dedicated to breaching their systems and stealing their research data.
They definitely are consi
Re: (Score:3)
>> That's a clever move. China knows that the US is turning to intel out of concern that China could either destroy TSMC (e.g. in an invasion) or has agents who can report on vulnerabilities to them. Taking action to limit intel sales in China is an effective way to handicap the US's attempt to protect their access to high end lithography.
The potential destruction of TSMC is not just an isolated China-Taiwan spat. It would lead to a global economic crisis and perhaps a wider military conflict as several large US corporations would essentially cease to exist overnight (e.g., Apple, Nvidia, AMD). Since the Chinese economy is so heavily linked to the global economy, I personally doubt Xi Jingping is willing to take steps that are guaranteed to lead to massive disstabilization of the Chinese economy and risk a mass uprising.
> What does access to high end lithography equipment have to do with Intel? As far as I know most of the really top of the line lithography machines used in cutting edge chip production are made by ASML in the Netherlands (despite the Europeans supposedly having no tech industry) especially extreme ultraviolet lithography (EUV) machines.
ASML makes critical e
Re:Clever Move (Score:4, Insightful)
> Taking action to limit intel sales in China is an effective way to handicap the US's attempt to protect their access to high end lithography.
Uh wut? Sure they can beat on American companies in the on going trade war for Cold War reasons but how does this demand for a security review in any way handicap the US's effort to limit high end shipments to China? Those are two unrelated topics. Intel is not going to send China the plans for a cutting edge lithography machine or start sending higher end chips in violation of sanctions.
IMO, we should be working hard to separate our economy entirely from China anyway. In the same way some American companies, to their shame, supported Nazi Germany long after knowing what evil shit they were, we should get out of China asap, too. We don't need their money or goods so badly that we should deal with them at the expense of our morals and ethics.
I supported Trump starting the trade war and supported Biden doubling down on key aspects of it. We should continue that path until full separation is achieved. Don't trade will evil countries is something all leaders should easily agree with no matter their other politics.
Since U mention Nazis (Score:1)
The bigger urgency is to separate the US economy from Israel which is committing a glaring genocide. Why is China bad? authoritarian leadership? poor human rights? wanting to annex land? - all can be said of Israel! It is now clear geopolitical strategy trumps everything else - basically what John J Mearsheimer also says.
Tit for tat [Re:Clever Move] (Score:2)
Seems to be tit-for-tat retaliation for US suspicion over Chinese product security.