Chinese computer manufacturer Lenovo saw share prices plummet after revelations broke about spy hardware installed on Chinese-manufactured motherboards. In the initial report, published by Bloomberg on October 4, it was revealed that the Chinese military hid physical spyware on server motherboards bound for giant US corporations and the US military.
But that spyware wasn’t just sent to Google, Facebook and the NSA. It went to consumer computing manufacturers too.
Lenovo bought IBM’s computer manufacturing business in 2005 and started making laptops and computers. And it’s had a rocky history with privacy: several times, what looked like standard-issue manufacturer bloatware has turned out to be a massive security risk of some kind.
In 2014, the company’s SuperFish Visual Discovery, an algorithmic image search engine used to identify lower-priced items for shoppers, was discovered to be hijacking browsers and inserting its own HTTPS certificates into everything, making HTTPS as insecure as HTTP and, well, did I mention hijacking browsers? Basically, every Lenovo computer was shipping with a built-in man-in-the-middle attack.
So it’s fair to say Lenovo has some form in this department.
Apple, on the other hand, has consistently behaved above par for a giant corporation compared with its immediate peers, seeming to care about privacy – or at least, to see that there were dollars to made from those who do by acting that way.
So why has Apple’s Taiwanese supplier, Taiwan Semiconductor, all been hit by the news?
Apple says it’s not affected. (But then, so does Amazon, a major focus of the original Bloomberg report.) And Lenovo says it doesn’t even buy equipment from Supermicro, the San Jose-based firm whose Chinese-manufactured components were the source of the chips.
So how much of this knock-on effect is down to Apple shipping spyware chips, and how much of it is because Lenovo and Taiwan Semiconductor are Chinese?
It’s hard to say. But the explosive Bloomberg report may turn out to be only the first of many detonations, as international efforts to either ‘secure’ the internet or weaponize it continue.