Joshua Philipp Profile picture
Oct 5, 2018 20 tweets 4 min read Twitter logo Read on Twitter
(1) The Chinese spy chips found in hardware of Apple and Amazon should have been expected. There's a long history of cases like this. #cybersecurity #defense #security
(2) The Senate Armed Services Committee warned of this threat in May 2012, and found over 1 million counterfeit parts is US military systems — largely from China. theepochtimes.com/fake-electroni…
(3) It reported: “The investigation uncovered dozens of examples ... including on thermal weapons sights delivered to the Army, on mission computers for the Missile Defense Agency’s Terminal High Altitude Area Defense (THAAD) missile, and on a large number of military airplanes.”
(4) This was also just the tip of the iceberg. Remember in 2013 that Chinese spy chips were found in electric kettles and irons being sent to Russia. They would search for unsecured WiFi connections, then call home. theepochtimes.com/pre-hacked-ele…
(5) Also remember that in 2011, recording devices were found in all dual-plate Chinese-Hong Kong vehicles, which were installed by China’s Shenzhen Inspection and Quarantine Bureau.
(6) In June 2010, Chinese-made memory cards in Olympus Stylus Tough cameras were found to be infected computers. The same virus was found in memory cards of Samsung smartphones.
(7) And similar embedded threats were found in Chinese-made TomTom GPS systems and other devices that were being sold at places including Best Buy, Target, and Sam's Club. A list of cases could go on for a while.
(8) Among the more serious cases was the "Zombie Zero" threat that was uncovered in 2014 by TrapX. theepochtimes.com/china-spies-on…
On the TrapX case, they found a Chinese company had installed spy software in handheld scanning devices used for global shipping.
(10) The infected devices in the "Zombie Zero" case gave Chinese spies access to all corporate financial data, customer data, and shipping data on the infected systems; and also complete situational awareness of global shipping and logistics operations.
(11) The U.S. government tried addressing the threat of embedded breaches in the supply chain through a law passed in the 2014 U.S. federal budget which requested a federal review of products purchased by federal agencies. theepochtimes.com/us-govt-squeez…
(12) China’s Ministry of Commerce of course didn't like this very much. It released a statement soon after saying the US policy would “have a negative effect on Chinese companies, besides harming the interests of U.S. firms.”
(13) Chinese state news outlet Global Times even claimed the U.S. should "correct its mistaken ways" after the law was passed.
(14) A similar program was passed in the private sector around the same time, called the Open Trusted Technology Provider Standard Accreditation Program, but was likely sabotaged by its attempts to appease the Chinese regime.
(15) Included in its 422 members were 11 groups based in China, where most of these threats originated.
(16) They likely knew this as well. This followed the Armed Services Committee report that said "China is the dominant source country for counterfeit electronic parts that are infiltrating the defense supply chain."
(17) The same senate report said "The Chinese government has failed to take steps to stop counterfeiting operations that are carried out openly in that country."
(18) Going by the recent case, it doesn't look like the public or private program did much good.
(19) The list of threats like this could go on for some time. What we're seeing with threats from Chinese chip makers is an ongoing problem that the U.S. government and major companies are aware of, yet have not properly addressed.
That's it for now.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Joshua Philipp

Joshua Philipp Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(