back to article Is Lenovo a blind spot in US anti-China security measures?

Lenovo's participation in a cybersecurity initiative has reopened old questions over the company's China origins, especially in light of the growing mistrust between Washington and Beijing over technology. Last week, Lenovo announced to the world that it is now involved in the Joint Cyber Defense Collaborative (JCDC) …

  1. Headley_Grange Silver badge

    "..growing mistrust between Washington and Beijing over technology."

    Mistrust might be the excuse, but this is about commercial and geo-political dominance. Companies open to the impacts of this have to choose which horse to ride or maybe try to ride both.

    1. Andy The Hat Silver badge

      On the surface you have the bookies and punters making money from the horses. But underneath you have those trying to knobble the runners ... or not ... But just because you can't find any evidence of wrongdoing obviously doesn't mean it wasn't done, and by stimulating that suspicion, you put the bookies and punters off one horse so their money heads to another ...

      1. Roland6 Silver badge

        >” But just because you can't find any evidence of wrongdoing obviously doesn't mean it wasn't done, and by stimulating that suspicion, you put the bookies and punters off one horse so their money heads to another ...”

        Just had a new pair of smart meters fitted…

        Both clearly labelled “Made in China”, perhaps we should start a hare running, given we know Chinese companies have embedded SIMs in some car parts to transmit “diagnostic data”…

        1. Anonymous Coward
          Anonymous Coward

          SIM cards in cars?

          Isn't it mandatory in new cars now?

          (of course, they are using 2G or 3G, so won't be usable soon)

    2. Bebu
      Windows

      "choose which horse to ride or maybe try to ride both."

      choose which horse to ride or maybe try to ride both.

      Perhaps an opportunity to sharpen one's pencil and pen The Dummies Guide to Medizing: A Practitioner's Manual which could be a best seller in the near future especially when updated to include chapters covering the application of AI to this domain. :))

      Perhaps the sale of Lenovo by IBM to Legend was a case of the Trojans dragging the Achaeans' gift within their walls.

  2. Pascal Monett Silver badge

    So, Lenovo will go the Huawei way

    Let's make no mistake : Hong Kong is now most definintly Chinese, so being registered in Hong King is no different than being registered in China.

    Given all the hoopla that was made (unjustifiably up to now) around Huawei, I see no reason for the so-called "national security minded" to not go for banning Lenovo as well.

    It's just a matter of time before someone apparently discovers some suspect transistor soldered to a Lenovo motherboard (with zero pictures to prove the claim) and uses that excuse to proclaim that Lenovo is not trustworthy any more.

    1. MrMerrymaker

      Re: So, Lenovo will go the Huawei way

      Lenovo are not as guilty, of the same sins.

      Of course, not that fairness matters to the Sherman Tanks

      1. Yet Another Anonymous coward Silver badge

        Re: So, Lenovo will go the Huawei way

        Michael Dell obviously hasn't contributed as much $$$ to $POLITICO as Tim Cook

    2. PhilipN Silver badge

      Re: So, Lenovo will go the Huawei way

      "being registered in Hong King is no different than being registered in China"

      Obviously you get all your "news" about Hong Kong and China from Western media, hence spouting the same absolute twaddle.

  3. Tubz Silver badge
    Big Brother

    It's not like Lenovo has ever pre-installed malware on it's goods? ..... Does a quick Google ......... oh shit they have, it's BAN HAMMER time !

    1. Paul Crawford Silver badge
      Trollface

      Oh that is just standard Windows experience

    2. Diogenes8080

      Promise you won't smell no...

      ITYM https://www.theregister.com/2015/02/19/superfish_lenovo_spyware/

      That was for teh adz. Lenovo customers worried about the PLA one day deciding to weaponize their interest in Lenovo should consider whether they really want Lenovo Vantage installing updates direct from Lenovo when and how it pleases.

      And yes, that bloatware finds its way into commercial builds too.

      1. Vincent Manis

        Re: Promise you won't smell no...

        I have bought a number of Lenovo machines over the years, in fact I have a Yoga 9i on order right now. I always do the same to each, installing GNU/Linux (typically Debian or Ubuntu, but on the new machine I'm planning on Manjaro). While I do leave a shrunken Windows partition behind, I don't leave any actual data on it, and never boot it. (I run Windows 11 on VirtualBox when I have to run it). I consider the risk to me by such a system identical to or less than the risk of anybody else's made-in-China machine.

        Lenovo is certainly an odd company, in that they have a fair bit of former IBM staff and management. I couldn't say what percentage of the company is owned in or outside China, but until such time as we can find equipment of comparable quality and price made entirely in a Western country, from Western made components, Lenovo is no worse than its competitors.

        1. Snake Silver badge

          Re: Promise you won't smell no...

          Even though I run Windows, on every personal machine I've always wiped and started from scratch, installing only what I know and what I want. It is far easier than trying to remove all the OEM bloatware, and also far easier to know exactly what I'm dealing with from that point on.

        2. Ken Hagan Gold badge

          Re: Promise you won't smell no...

          I think this may point to why no-one in the infosec community is too troubled. If you wipe the system down and reinstall the OS from trusted media, the remaining risks are the UEFI (probably not chinese), the processor (definitely not chinese) and things like your WiFi/BT chip (almost certainly chinese). Those are pretty much the same risks as you face with a machine assembled in a friendly country. Non-zero, but presumably the spooks think they have a handle on it.

          1. Yet Another Anonymous coward Silver badge

            Re: Promise you won't smell no...

            But if you're the owner of a financial news network and you are considering of a presidential bid - you might decide to report that all Chinese motherboards have hidden undetectable chips that communicate with China.

            Nobody else managed to find any evidence of these ? That just shows how undetectable they are !

          2. BartyFartsLast Silver badge

            Re: Promise you won't smell no...

            Sadly there's plenty to worry about even if you wipe the system clean these days but it does negate a lot of the risk.

        3. katrinab Silver badge
          Meh

          Re: Promise you won't smell no...

          My Lenovo ThinkStation was made in Hungary. My MacBook Pro was made in China.

        4. mattcang

          Re: Promise you won't smell no...

          Interesting you find the need to go through all that...for what reason? Anyways, China has already proven that they will use nefarious tactics (SuperMicro and Lenovo as examples) to place hardware sneakers on motherboards. You choose to be blind even though it's hitting you in the face...sad for your peers and country.

          1. Vincent Manis

            Re: Promise you won't smell no...

            I don't know who the “you” is, but if you're referring to me installing GNU/Linux, that's not because of some risk avoidance thing. I've been a Unix guy since the late 1970s, and that's the OS I prefer to use. As for people who wipe Windows and reinstall it from Microsoft media, that's because, as was said, of bloatware. Blame Microsoft and computer manufacturers for that.

          2. Phil Koenig Bronze badge

            Re: Promise you won't smell no...

            China has already proven that they will use nefarious tactics (SuperMicro and Lenovo as examples) to place hardware sneakers on motherboards.

            I am not aware of these allegations, care to share a link or two?

            Because SuperMicro is a US company, founded in and still headquartered in Silicon Valley. Some components come from overseas, just like in any Dell, HP or Apple computer.

  4. jokerscrowbar

    My last two phones have been Apple and my last two laptops Lenovo. The phones cost £1500 more but the difference in quality is that both laptops still work, they bricked my old phone and the 3 year old one has battery issues that ain't worth the repair cost. Who gets the data is negligible as it’s beyond my control

    1. Anonymous Coward
      Anonymous Coward

      Whereas I'm throwing away 3yr old Lenovo X13s because when the battery dies (very common problem) they won't power on even with an AC adapter,their UK service is shit, the RAM is soldered to the motherboard and isn't upgradeable from the 16gb supplied and they're generally hated by our users for poor reliabiliry and build quality.

      Weirdly the Macs and HPs we also issue are far better. (And believe me, I loathe Macs so saying that left an off taste)

      1. John Brown (no body) Silver badge

        RAM? Don't buy the models with soldered on RAM. There are plenty with either all socketed RAM or soldered on + a SoDIMM socket. As for the dead battery, no, you are wrong. It's not a dead battery if the system won't even power on from the PSU. It's a faulty battery (or something else). And FWIW, a fault I've not come across personally. One of the standard diagnostics for non-obvious faults is to pull the system board out, attach an HDMI screen, USB keyboard and then attach the PSU at which point it powers on by default, no power switch needed. They ALL do that and I've been inside a wide range of models. If yours won't switch on at all, disconnect the battery and try again. If it still doesn't work you have a different problem. It might be worth checking the CMOS battery, although I've never known a fault with that other than "dead, replace it". It should still boot with a dead or removed CMOS battery, just it will loose settings every time you power off :-)

        Lenovo have their problems, just like all the other OEMs do, there's no need to invent problems caused by bad decisions or lack of knowledge.

        (Don't talk to me about Dell and their insistence that everything is the users fault and not their hardware failure!!!)

  5. martinusher Silver badge

    Lenovo used to be IBM

    Lenovo used to make laptops under contract for IBM but the corporate giant decided that making stuff wasn't profitable enough so sold the business to their contractor. -- IBM ThinkPads became Lenovo ThinkPads, same great quality with just a different logo.

    Of course, this was a few years ago so a whole new generation of utterly ignorant noisemakers have grown up since then and only know Lenovo as this menacing Chinese company bent on undermining the USofA (or some other similar BS). If they're so worried about Chinese competition then maybe corporate America shouldn't have been in such a hurry to offshore engineering and manufacturing.

    1. Mage Silver badge
      Black Helicopters

      Re: Lenovo

      Lenovo wasn't IBM.

      They are no different to Huawei, and Hauwei isn't in the Chinese Government's pocket like ZTE. The Anti-Huawei stuff smells more of protectionism than real security.

      I'm not sure Cisco gear can be trusted if you are not the US Gov.

      1. A.P. Veening Silver badge

        Re: Lenovo

        I'm sure Cisco gear can not be trusted if you are not the US Gov.

        FTFY.

      2. Phil Koenig Bronze badge

        Re: Lenovo

        Hauwei isn't in the Chinese Government's pocket like ZTE

        Well let's see - the company's founder and current CEO was an engineer in the Chinese People's Liberation Army for 11 years, and joined the Chinese Communist Party in 1978.

        About 1 of 15 Chinese citizens is a member of the Communist Party, it's not required to be a member.

        History worked out a little differently for Liu Chuanzhi, Lenovo's founder and CEO. He joined the military too, for a short time, but because of relatives who were political dissidents, they wouldn't put him on any sensitive assignments. During the Cultural Revolution he got sent to a succession of labor-camps because he thought the Communist Revolution was stupid and said so openly. The CCP wouldn't take him if he begged them. ;-)

    2. Barking mad

      Re: Lenovo used to be IBM

      IBM sold off the ThinkPad and then discovered that selling laptops was getting their sales reps in the corporate door so that they could sell the profitable iron.

  6. Kevin McMurtrie Silver badge
    Black Helicopters

    Thoughts from under a tinfoil hat

    They could only be OK with the US because they're secretly assisting US intelligence agencies. How could China allow that to happen? They're secretly assisting Chinese intelligence agencies.

  7. steviebuk Silver badge

    Yes.

    Used to like them but their quality has gone down hill. They had Superfish and, not sure if it is true but there was a case in 2010 where several Lenovo devices sold to the US military had encrypted chips on them, recording all input and then sending back to China.

  8. Jason Hindle

    Should they go the Huawei, I’ll miss them

    When I buy a Windows/Linux laptop, I don't consider anyone else. That said, Lenovo is Chinese and must obey Chinese laws and regulations.

    1. Anonymous Coward
      Anonymous Coward

      Re: Should they go the Huawei, I’ll miss them

      You're a fool then.

    2. Roland6 Silver badge

      Re: Should they go the Huawei, I’ll miss them

      Funny, when I buy laptops, Whilst I do consider other manufacturers, with Lenovo I only look at the Thinkpad range…

      1. BartyFartsLast Silver badge

        Re: Should they go the Huawei, I’ll miss them

        It does seem rather short sighted to only consider Lenovo, it's got to be worth at least evaluating the others even if only to confirm your prejudice is correct.

        Personally I prefer HP, Dell and then if I'm forced to, I'll consider Lenovo.

        They're not IBM any more and the quality has really fallen since that changed.

        1. Saigua

          Re: Should they go the Huawei, I’ll miss them

          How come to prefer HP laptops? I mean, they're thick on the reuse forest floor if you need a matching piece, but is finding them discounted per their flaws strategic?

  9. An_Old_Dog Silver badge

    Security is Complicated

    During the cold war, there was a US company which refined 90% of the titanium in the non-communist world. That company: Wah Chang (Chinese for "Great Developments").

  10. Anonymous Coward
    Anonymous Coward

    Can someone point anyone to a current computer that doesn't need at least one component produced within Communist Chinese borders? That would be a big nope.

    And so, what are you going to do? How are those state-sponsored fabs in the US going - any nearer to actually coming online? Or the supply chains that would be needed behind them to disconnect China?

    Politicians might not call it a trade war with China... But it most assuredly is.

  11. CJ_C

    Trackpoint

    For me, for 20 years or so, the trackpoint has trumped all other considerations. Recently bought my fourth (or fifth?) Thinkpad. A new one (not second hand!) configured to suite me with an AMD processor. Still messing with different Linux distros but the time to switch is approaching as my unloved X240 is falling apart and the battery is only good for 30 minutes or so.

    Is the trackpoint beholden to CCP? It is certainly red in colour...

    1. John Brown (no body) Silver badge

      Re: Trackpoint

      "and the battery is only good for 30 minutes or so."

      Not sure about the rear/external battery, but there seems to be plenty supplying the internal optional battery. Your will either have a second battery or a plastic "stiffener" in it's place. Just replace the internal battery if that's the cheaper option.

    2. Barking mad

      Re: Trackpoint

      I was never happier than when they started selling keyboards with a TrackPoint!

      (My first ThinkPad was a 300 and I've been using them for the last 32 years).

  12. Andrew Scott Bronze badge

    lenovo security

    Haven't they (lenovo) already been caught installing backdoors and rook kits on computers they sell? seem to remember articles about this 10 years ago or so. Probably a lot better at it now.

    1. Phil Koenig Bronze badge

      Re: lenovo security

      They probably unwittingly installed an ad-supported utility on some of their LT's that became a bit of a controversy because it turned out it was an early version of commercial spyware and when people found out about that they were not happy about it.

      So I'd personally chalk that up to probably just a weak team responsible for vetting the apps they pre-install on their devices, not some nefarious plot. They certainly were not the only PC maker that fell for that at the time.

      https://en.wikipedia.org/wiki/Superfish

  13. Dr.Flay

    Seems to be a lot of shoe-gazing and looking at the sky

    Hong Kong is not independent anymore and is under the direct rule of China, so the idea that being a Hong Kong based company actually means anything any more is naïve at best.

    As long as the CCP have their "golden share" of Lenovo they are one of the "partners" that data is shared with in the terms and conditions.

    As long as the CCP have their shares in the company they are legally compelled to share all data with the party.

  14. Spanners
    Alien

    The real reason

    The real reason behind the US assault on Chinese technology has absolutely nothing to do with security.

    It was entirely about stopping companies like Huawei from racing ahead of anything the US can produce. It is pretty pathetic that the UK joined that sham. "We don't want Chinese companies evolved in 5g because we are sure that companies from the land of the (very un)free could get rich from it instead.

    Perhaps the US can't make enough laptops of that standard and they know that this protectionism will be even more obvious?

    1. Saigua

      Re: The real reason

      Hey link the real article from The Economist, FT, the Chinese PC Enthusiast Mags (freeform spreadsheets and 5GL are my jam! CCParty yeah!) or EconRxiv next time tho. <3

  15. Phil Koenig Bronze badge

    Lenovo really does seem like a fairly rare Chinese technology company with a diverse management team, research teams in various countries outside of China, and a generally "cosmopolitan" attitude. Rather than the blatant and insular nationalism that a lot of Chinese companies seem to ooze these days.

    Contrast that with Huawei for example, which literally has direct ties to the Chinese military (PLA) and probably also to various high CCP officials, and is a notorious intellectual property stealer. (For example Cisco fought them for years over appropriation of trade secrets and even after they reached one settlement they later said that Huawei had lied in its presentation of facts of that case)

    Whereas I cannot remember a single case of Lenovo engaging in blatant copyright or patent abuse or any other sort of corporate malfeasance other than an occasional sloppiness in some of the software they bundled with their computing products.

    When they took over IBM's PC business in 2005 I was very skeptical as I had become very fond of IBM Thinkpads at that point. It didn't take long for that skepticism to fade away. I still prefer Thinkpads and Lenovo is the largest PC maker in the world now.

    Yes it's true that Chinese companies theoretically are supposed to help the authorities snoop on people if asked. But Lenovo's field of business would mean that if they ever got caught doing such a thing, it would destroy their reputation and their business. I doubt even the CCP would put the company and their 80,000 employees at risk for that.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like