Chinese ARM Processors Have A Backdoor

Allwinner-chipFile this under Not Surprised.

One of the problems with sending all our technology manufacturing jobs to foreign countries in order to produce less expensive goods is that some of these countries are not necessarily our best buddies.  With some of them we might have what you would call “trust issues.”

Recently The Hacker News released an article about how a Chinese manufacturer of ARM processors (Allwinner sun8i for A83T, H3, or H3 processors) used in popular Android phone products, and several variations of the Pi hacker boards (Banana Pi, Orange Pi) have a backdoor embedded in them.  The Chinese claim is that this backdoor was inadvertently left in by developers who used it in the debugging process.  Sure, its possible.  Or maybe they meant to leave the backdoors in.

If we hadn’t already dealt with this issue in the routers manufactured in China for Juniper Networks, reported here in February (Perils From The Edge – Insecure Routers), I might be more inclined to give them the benefit of the doubt.  As it is, I am suspicious.  As an Android phone user, I am not pleased.  According to the article, “This security hole is currently present in every operating system image for A83T, H3 or H8 devices that rely on kernel 3.4”  You can Google the specs for your phone model to see if it is affected.  Fortunately for me, my LG G4 VS986 appears to be using a different processor.

 

Be Sociable, Share!

1
JUN
1

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Comments

  1. Samir  April 24, 2021

    F these shady off-shore manufacturers. It’s time to bring it all back home and leave these unethical criminals to their own means. The short term cost savings are nothing compared to the cost of the fakes, brand damage, and resulting fallout from these products destroying the market created by the inventors. When it comes to china, the only good answer is ‘no’.

    reply
Subscribe to Comments

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.