Is Lenovo a blind spot in US anti-China security measures? Lenovo's participation in a cybersecurity initiative has reopened old questions over the company's China origins, especially in light of the growing mistrust between Washington and Beijing over technology. Last week, Lenovo announced to the world that it is now involved in the Joint Cyber Defense Collaborative (JCDC) …
On the surface you have the bookies and punters making money from the horses. But underneath you have those trying to knobble the runners ... or not ... But just because you can't find any evidence of wrongdoing obviously doesn't mean it wasn't done, and by stimulating that suspicion, you put the bookies and punters off one horse so their money heads to another ...
>” But just because you can't find any evidence of wrongdoing obviously doesn't mean it wasn't done, and by stimulating that suspicion, you put the bookies and punters off one horse so their money heads to another ...”
Just had a new pair of smart meters fitted…
Both clearly labelled “Made in China”, perhaps we should start a hare running, given we know Chinese companies have embedded SIMs in some car parts to transmit “diagnostic data”…
choose which horse to ride or maybe try to ride both.
Perhaps an opportunity to sharpen one's pencil and pen The Dummies Guide to Medizing: A Practitioner's Manual which could be a best seller in the near future especially when updated to include chapters covering the application of AI to this domain. :))
Perhaps the sale of Lenovo by IBM to Legend was a case of the Trojans dragging the Achaeans' gift within their walls.
Let's make no mistake : Hong Kong is now most definintly Chinese, so being registered in Hong King is no different than being registered in China.
Given all the hoopla that was made (unjustifiably up to now) around Huawei, I see no reason for the so-called "national security minded" to not go for banning Lenovo as well.
It's just a matter of time before someone apparently discovers some suspect transistor soldered to a Lenovo motherboard (with zero pictures to prove the claim) and uses that excuse to proclaim that Lenovo is not trustworthy any more.
ITYM https://www.theregister.com/2015/02/19/superfish_lenovo_spyware/
That was for teh adz. Lenovo customers worried about the PLA one day deciding to weaponize their interest in Lenovo should consider whether they really want Lenovo Vantage installing updates direct from Lenovo when and how it pleases.
And yes, that bloatware finds its way into commercial builds too.
I have bought a number of Lenovo machines over the years, in fact I have a Yoga 9i on order right now. I always do the same to each, installing GNU/Linux (typically Debian or Ubuntu, but on the new machine I'm planning on Manjaro). While I do leave a shrunken Windows partition behind, I don't leave any actual data on it, and never boot it. (I run Windows 11 on VirtualBox when I have to run it). I consider the risk to me by such a system identical to or less than the risk of anybody else's made-in-China machine.
Lenovo is certainly an odd company, in that they have a fair bit of former IBM staff and management. I couldn't say what percentage of the company is owned in or outside China, but until such time as we can find equipment of comparable quality and price made entirely in a Western country, from Western made components, Lenovo is no worse than its competitors.
Even though I run Windows, on every personal machine I've always wiped and started from scratch, installing only what I know and what I want. It is far easier than trying to remove all the OEM bloatware, and also far easier to know exactly what I'm dealing with from that point on.
I think this may point to why no-one in the infosec community is too troubled. If you wipe the system down and reinstall the OS from trusted media, the remaining risks are the UEFI (probably not chinese), the processor (definitely not chinese) and things like your WiFi/BT chip (almost certainly chinese). Those are pretty much the same risks as you face with a machine assembled in a friendly country. Non-zero, but presumably the spooks think they have a handle on it.
But if you're the owner of a financial news network and you are considering of a presidential bid - you might decide to report that all Chinese motherboards have hidden undetectable chips that communicate with China.
Nobody else managed to find any evidence of these ? That just shows how undetectable they are !
Interesting you find the need to go through all that...for what reason? Anyways, China has already proven that they will use nefarious tactics (SuperMicro and Lenovo as examples) to place hardware sneakers on motherboards. You choose to be blind even though it's hitting you in the face...sad for your peers and country.
I don't know who the “you” is, but if you're referring to me installing GNU/Linux, that's not because of some risk avoidance thing. I've been a Unix guy since the late 1970s, and that's the OS I prefer to use. As for people who wipe Windows and reinstall it from Microsoft media, that's because, as was said, of bloatware. Blame Microsoft and computer manufacturers for that.
China has already proven that they will use nefarious tactics (SuperMicro and Lenovo as examples) to place hardware sneakers on motherboards.
I am not aware of these allegations, care to share a link or two?
Because SuperMicro is a US company, founded in and still headquartered in Silicon Valley. Some components come from overseas, just like in any Dell, HP or Apple computer.
My last two phones have been Apple and my last two laptops Lenovo. The phones cost £1500 more but the difference in quality is that both laptops still work, they bricked my old phone and the 3 year old one has battery issues that ain't worth the repair cost. Who gets the data is negligible as it’s beyond my control
Whereas I'm throwing away 3yr old Lenovo X13s because when the battery dies (very common problem) they won't power on even with an AC adapter,their UK service is shit, the RAM is soldered to the motherboard and isn't upgradeable from the 16gb supplied and they're generally hated by our users for poor reliabiliry and build quality.
Weirdly the Macs and HPs we also issue are far better. (And believe me, I loathe Macs so saying that left an off taste)
RAM? Don't buy the models with soldered on RAM. There are plenty with either all socketed RAM or soldered on + a SoDIMM socket. As for the dead battery, no, you are wrong. It's not a dead battery if the system won't even power on from the PSU. It's a faulty battery (or something else). And FWIW, a fault I've not come across personally. One of the standard diagnostics for non-obvious faults is to pull the system board out, attach an HDMI screen, USB keyboard and then attach the PSU at which point it powers on by default, no power switch needed. They ALL do that and I've been inside a wide range of models. If yours won't switch on at all, disconnect the battery and try again. If it still doesn't work you have a different problem. It might be worth checking the CMOS battery, although I've never known a fault with that other than "dead, replace it". It should still boot with a dead or removed CMOS battery, just it will loose settings every time you power off :-)
Lenovo have their problems, just like all the other OEMs do, there's no need to invent problems caused by bad decisions or lack of knowledge.
(Don't talk to me about Dell and their insistence that everything is the users fault and not their hardware failure!!!)
Lenovo used to make laptops under contract for IBM but the corporate giant decided that making stuff wasn't profitable enough so sold the business to their contractor. -- IBM ThinkPads became Lenovo ThinkPads, same great quality with just a different logo.
Of course, this was a few years ago so a whole new generation of utterly ignorant noisemakers have grown up since then and only know Lenovo as this menacing Chinese company bent on undermining the USofA (or some other similar BS). If they're so worried about Chinese competition then maybe corporate America shouldn't have been in such a hurry to offshore engineering and manufacturing.
Hauwei isn't in the Chinese Government's pocket like ZTE
Well let's see - the company's founder and current CEO was an engineer in the Chinese People's Liberation Army for 11 years, and joined the Chinese Communist Party in 1978.
About 1 of 15 Chinese citizens is a member of the Communist Party, it's not required to be a member.
History worked out a little differently for Liu Chuanzhi, Lenovo's founder and CEO. He joined the military too, for a short time, but because of relatives who were political dissidents, they wouldn't put him on any sensitive assignments. During the Cultural Revolution he got sent to a succession of labor-camps because he thought the Communist Revolution was stupid and said so openly. The CCP wouldn't take him if he begged them. ;-)
It does seem rather short sighted to only consider Lenovo, it's got to be worth at least evaluating the others even if only to confirm your prejudice is correct.
Personally I prefer HP, Dell and then if I'm forced to, I'll consider Lenovo.
They're not IBM any more and the quality has really fallen since that changed.
Can someone point anyone to a current computer that doesn't need at least one component produced within Communist Chinese borders? That would be a big nope.
And so, what are you going to do? How are those state-sponsored fabs in the US going - any nearer to actually coming online? Or the supply chains that would be needed behind them to disconnect China?
Politicians might not call it a trade war with China... But it most assuredly is.
For me, for 20 years or so, the trackpoint has trumped all other considerations. Recently bought my fourth (or fifth?) Thinkpad. A new one (not second hand!) configured to suite me with an AMD processor. Still messing with different Linux distros but the time to switch is approaching as my unloved X240 is falling apart and the battery is only good for 30 minutes or so.
Is the trackpoint beholden to CCP? It is certainly red in colour...
"and the battery is only good for 30 minutes or so."
Not sure about the rear/external battery, but there seems to be plenty supplying the internal optional battery. Your will either have a second battery or a plastic "stiffener" in it's place. Just replace the internal battery if that's the cheaper option.
They probably unwittingly installed an ad-supported utility on some of their LT's that became a bit of a controversy because it turned out it was an early version of commercial spyware and when people found out about that they were not happy about it.
So I'd personally chalk that up to probably just a weak team responsible for vetting the apps they pre-install on their devices, not some nefarious plot. They certainly were not the only PC maker that fell for that at the time.
https://en.wikipedia.org/wiki/Superfish
Hong Kong is not independent anymore and is under the direct rule of China, so the idea that being a Hong Kong based company actually means anything any more is naïve at best.
As long as the CCP have their "golden share" of Lenovo they are one of the "partners" that data is shared with in the terms and conditions.
As long as the CCP have their shares in the company they are legally compelled to share all data with the party.
The real reason behind the US assault on Chinese technology has absolutely nothing to do with security.
It was entirely about stopping companies like Huawei from racing ahead of anything the US can produce. It is pretty pathetic that the UK joined that sham. "We don't want Chinese companies evolved in 5g because we are sure that companies from the land of the (very un)free could get rich from it instead.
Perhaps the US can't make enough laptops of that standard and they know that this protectionism will be even more obvious?
Lenovo really does seem like a fairly rare Chinese technology company with a diverse management team, research teams in various countries outside of China, and a generally "cosmopolitan" attitude. Rather than the blatant and insular nationalism that a lot of Chinese companies seem to ooze these days.
Contrast that with Huawei for example, which literally has direct ties to the Chinese military (PLA) and probably also to various high CCP officials, and is a notorious intellectual property stealer. (For example Cisco fought them for years over appropriation of trade secrets and even after they reached one settlement they later said that Huawei had lied in its presentation of facts of that case)
Whereas I cannot remember a single case of Lenovo engaging in blatant copyright or patent abuse or any other sort of corporate malfeasance other than an occasional sloppiness in some of the software they bundled with their computing products.
When they took over IBM's PC business in 2005 I was very skeptical as I had become very fond of IBM Thinkpads at that point. It didn't take long for that skepticism to fade away. I still prefer Thinkpads and Lenovo is the largest PC maker in the world now.
Yes it's true that Chinese companies theoretically are supposed to help the authorities snoop on people if asked. But Lenovo's field of business would mean that if they ever got caught doing such a thing, it would destroy their reputation and their business. I doubt even the CCP would put the company and their 80,000 employees at risk for that.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
