US agencies use chips from China despite bans

Initio, a subsidiary of the banned Hualan, still supplies chips that are used in equipment by NATO, NASA and the US Navy.

The Chinese company Hualan Microelectronics, which produces cryptographic chips, was added to the US Department of Commerce's “black list” of companies (the Entity List) in 2021 for supporting China’s military modernization.

However, Hualan subsidiary Initio still supplies chips to Western manufacturers of encrypted hard drives that are being bought by NATO, NASA and other US and UK agencies. This raised concerns that the chips could contain hidden backdoors that would allow the Chinese government to decipher the secrets of Western agencies.

Security researcher Matthias Deeg discovered several vulnerabilities in Initio’s chips that allowed the security of encrypted USB flash drives to be bypassed. He also noted that it is very difficult to find hardware backdoors in chips, as the chips have no public documentation and requests from researchers go unanswered.

Manufacturers of storage devices using Initio chips have stated that their products are secure and cannot be hacked even by Initio or Hualan. The vendors have also indicated that Initio is not mentioned in the Entity List and is not covered by the list. However, national security experts argue that subsidiaries of companies on the list are actually considered to be on the list too.

Western government agencies have not commented on what equipment they are buying, but have said they carefully test the security of the technology they use. Cryptographer Matthew Green noted that the security certifications boasted by some encrypted hard drives do not check for deliberately hidden vulnerabilities.

Experts believe that the use of chips from China indicates the difficulty of navigating the computing supply chain and is a real miscalculation on the part of organizations that should prioritize security.

Recall that in May 2019, the US Department of Commerce added Chinese telecommunications company Huawei, as well as 70 related firms, to the Entity List. Authorities have also banned Google from allowing new models of Huawei phones access to the Google Mobile Services developer suite, which powers most Android apps.

After that, Huawei Technologies founder Ren Zhengfei urged company employees to “dare to lead the world” in software. According to Zhengfei, future developments in this area are fundamentally “out of US control, and will give the tech giant greater independence and autonomy.”

In adding companies to the blacklist, the FCC reasons that Chinese companies would not be able to refuse the government if it required them to start spying on customers or collecting sensitive data. In addition, the commission made it clear that it is dangerous for American organizations to do business with any of the banned companies. Recall that earlier the FCC list included Huawei, ZTE, Hytera, Hikvision, Dahua, Kaspersky Lab, and telecommunications companies China Mobile and China Telecom.

