Linked by Thom Holwerda on Fri 5th Oct 2018 18:24 UTC
Apple

So this is an interesting underreported story from February 2018 - as it turns out, iPhones sold in China will soon use specific NAND chips made by a specific Chinese company that won't be used in iPhones sold outside of China.

Apple is in talks with state-backed Yangtze Memory Technologies to buy NAND flash chips from it, a move that will mark the U.S. giant's first purchase from a Chinese memory chipmaker and a huge boost to the local sector.

[...]

Whether Apple is under any pressure to buy from Chinese makers is unclear. After all, China has been known to apply pressure on foreign technology companies that want to operate within the country. One thing is for sure, Chinese deals will help Apple grow its business there, according to an industry executive.

[...]

As such, the earliest that the deal could come into fruition will be 2019 but industry sources say it is more likely to be after 2020 before Yangtze Memory can produce enough of the components at a standard that Apple requires. Apple will use these chips in new iPhone models and other products for sale in the Chinese domestic market specifically, according to two people familiar with the matter.

So, Apple has already handed over the iCloud data of its Chinese customers to the Chinese government through a government-owned datacenter company, and soon, iPhones sold in China will use China-specific NAND chips that won't be used in iPhones outside of China. With yesterday's Bloomberg story fresh in our minds, is it really that far-fetched to assume these China-specific NAND chips are unsafe, or perhaps even have a backdoor in them that weakens on-device encryption?

There is no way that the Chinese government would somehow exempt Apple from aiding in government surveillance, and these seemingly unrelated news stories all seem to suggest that Apple is, indeed, doing so.

mistersoft
Member since:
2011-01-05

Slightly off-topic, but this item seems to me to align with a special report in UK news media yesterday (on Channel 4) regarding the "reeducation centers" for indigenous Uyghurs within their homeland (Xinjiang). And therefore I'll continue:

Not only does this cultural "reeducation" (toward Han Chinese and Chinese Communist Party "accepted norms") seem only a mere hop, step, let alone jump, from the type of more violent ethnic cleansing the Rohingya have been suffering in Myanmar -- apparently, so the report continued... the Communist Party Subjugation and Control Apparatus have been using (abusing) this Uyghur population to beta test a variety of the latest and greatest mass surveillance technologies (from widespread facial recognition cameras, to smart-card ID chips monitoring entrance/exits to buildings, to smartphone tech that recognizes messages going to or CC'ing dissidents... and makes sure they never arrive. This was shown happening live).

Orwell apparently didn't go far enough!

Lao Tzŭ and even Confucius would be turning in their graves....

Edited 2018-10-05 19:13 UTC

Reply Score: 4

Iapx432 Member since:
2017-09-30

... regarding the "reeducation centers" for indigenous Uyghurs within their homeland (Xinjiang)..

Lao Tzŭ and even Confucius would be turning in their graves....

Lao Tzŭ is turning for sure, running a country like frying a small fish etc..

Maybe not Confucius who valued social harmony and collectivism over individual rights. Basically the Chinese are trying to prevent another IS on their doorstep, and would see the "re-education" as the price for harmony. I appreciate that not all would agree with this rights infringement regardless of the goal.

Back on topic - it's been common practice for decades to require companies (usually American) to invest locally for market access. Boeing did this with the Dreamliner to an extreme causing a lot of delays on integration of the final aircraft, but hopefully no spy NANDs. No Chinese parts either, other than Dreamliners are full of iPhones ;-).

Reply Score: 2

Something's odd
by Alfman on Fri 5th Oct 2018 20:31 UTC
Alfman
Member since:
2011-01-28

Thom Holwerda,

So, Apple has already handed over the iCloud data of its Chinese customers to the Chinese government through a government-owned datacenter company, and soon, iPhones sold in China will use China-specific NAND chips that won't be used in iPhones outside of China. With yesterday's Bloomberg story fresh in our minds, is it really that far-fetched to assume these China-specific NAND chips are unsafe, or perhaps even have a backdoor in them that weakens on-device encryption?

There is no way that the Chinese government would somehow exempt Apple from aiding in government surveillance, and these seemingly unrelated news stories all seem to suggest that Apple is, indeed, doing so.



Not to question China's motivation for adding backdoors to products (or the US backdoors for that matter), but something here doesn't seem to add up. NAND flash chips don't do encryption. It wouldn't be practical to apply crypto here because the individual bits in NAND flash are notoriously unreliable and generally require controllers to apply error correction, wear leveling, and remapping algorithms to create what we would consider "raw bytes" on storage medium. By the time the NAND flash chips get information, it will already have been encrypted. So it's not clear to me what adding a "backdoor" to NAND flash chip would even mean?

So unless the article misspoke and meant flash controllers or other kinds of chips, then I don't think the backdoor theory is plausible. IMHO a more likely explanation is that forcing Apple, a US company, to buy parts from China may be a move by China to respond to the Trump trade war.

Given the White House recently moved to impose another $200B in taxes on Chinese goods, it wouldn't surprise me if China was responding to the US protectionist policies with its own protectionist policies. For better or worse, this is our new world.

https://www.politico.com/story/2018/07/10/trump-china-trade-tariffs-...

Reply Score: 4

RE: Something's odd
by whartung on Fri 5th Oct 2018 21:37 UTC in reply to "Something's odd"
whartung Member since:
2005-07-06

But after the story of the possibly compromised motherboards, who can say what is on those NAND chips.

Stallman's MIPS based open hardware laptop is looking better every day.

There was also an interesting article about using an Apple II for Nuclear Weapons inspection because it's easier to inspect for possibly hidden compromises.

https://hackaday.com/2018/01/10/34c3-vintage-verification-stop-nucle...

Reply Score: 2

RE[2]: Something's odd
by dionicio on Fri 5th Oct 2018 21:48 UTC in reply to "RE: Something's odd"
dionicio Member since:
2006-07-12

Lemote Foolong 2E.

Reply Score: 2

RE[2]: Something's odd
by Alfman on Sat 6th Oct 2018 06:20 UTC in reply to "RE: Something's odd"
Alfman Member since:
2011-01-28

whartung,

But after the story of the possibly compromised motherboards, who can say what is on those NAND chips.


I didn't elaborate on it, but my point is that even if an attacker controls the NAND flash chips, it shouldn't compromise the data assuming the storage is fully encrypted by the system(*). The only thing an attacker with 100% access to the NAND level can do is to introduce corruption/brick the phone. An adversary could neither read nor write coherent data to the phone. Due to bit cascading properties of crypto algorithms, any change the attacker can make (i.e. by planting it at the factory) would get read as corrupt (totally random) data.

The reason this works is because cryptographic security assumes from the outset that an attacker will have access to the raw medium, so this assertion that NAND flash has backdoors, even if true, doesn't allow them to compromise the crypto. The best they can do is cause corruption/storage failure.


* Note: We shouldn't assume anything really, these iPhones in China (or even in the US) could have weak crypto implementations. While I'm not asserting this is the case in this instance, unfortunately there is precedent for Apple claiming that its security functions are more secure than they really are. An example is the fundamental flaws in iMessage's "end to end" crypto which enables wiretapping.

Hypothetically, I'd be more concerned about backdoors existing in RAM/CPUs and other chips that can DMA to unencrypted memory. It wouldn't be easy to accomplish, but if they succeeded this would be a major compromise.


Stallman's MIPS based open hardware laptop is looking better every day.


Agree, but I have to admit that I personally struggle to apply my open philosophy to every day life when the corporations that act to take away these freedoms have the upper hand. It's frustrating being unable to "vote with our wallets" when there are no open solutions available. Sometimes the choice is easy, but other times I get stuck and reach a dead end because there are zero FOSS options available to mainstream consumers.



There was also an interesting article about using an Apple II for Nuclear Weapons inspection because it's easier to inspect for possibly hidden compromises.


Doesn't the risk stem more from the origin of the chips rather than the architecture those chips are running? Even a chip that ostensibly implements 6502 could be backdoored.

I would expect that the inspecting countries could use multiple implementations from multiple sources. Diversity adds redundancy against both intentional and accidental instrumentation flaws & backdoors. If any of the implementations disagree, you know something's up. In many respects, monocultures & lack of diversity are one of the biggest threats to security because it represents a single point of failure.

Edited 2018-10-06 06:26 UTC

Reply Score: 3
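
The claim in the comment above, that a change made at the flash level reads back as garbage rather than as data the attacker chose, shown as an added example (not part of the thread and not any vendor's code). A 4-round Feistel construction over HMAC-SHA256 stands in for a real sector cipher such as AES-XTS so that it runs on the standard library alone; the key, sector number and record are constructed.

```python
import hashlib
import hmac

BLOCK = 32   # bytes per cipher block: two 16-byte Feistel halves
ROUNDS = 4

def _f(key, rnd, tweak, half):
    # Keyed round function: HMAC-SHA256 over round number, tweak and half-block.
    return hmac.new(key, bytes([rnd]) + tweak + half, hashlib.sha256).digest()[:16]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crypt_sector(key, sector_no, data, decrypt=False):
    """Encrypt or decrypt one sector; every block is tweaked by sector and position."""
    assert len(data) % BLOCK == 0
    out = bytearray()
    for idx in range(len(data) // BLOCK):
        tweak = sector_no.to_bytes(8, "big") + idx.to_bytes(4, "big")
        blk = data[idx * BLOCK:(idx + 1) * BLOCK]
        left, right = blk[:16], blk[16:]
        if decrypt:
            for rnd in reversed(range(ROUNDS)):
                left, right = _xor(right, _f(key, rnd, tweak, left)), left
        else:
            for rnd in range(ROUNDS):
                left, right = right, _xor(left, _f(key, rnd, tweak, right))
        out += left + right
    return bytes(out)

def _blocks(buf):
    return [buf[i:i + BLOCK] for i in range(0, len(buf), BLOCK)]

def tamper_demo():
    key = hashlib.sha256(b"constructed demo key").digest()
    plain = (b"user record: balance=100 role=user; " * 8)[:256]  # constructed, 8 blocks
    stored = bytearray(crypt_sector(key, 7, plain))  # the bytes the flash chip holds
    stored[3 * BLOCK + 5] ^= 0x01                    # the chip flips one bit in block 3
    readback = crypt_sector(key, 7, bytes(stored), decrypt=True)
    pairs = list(zip(_blocks(plain), _blocks(readback)))
    damaged = [i for i, (p, r) in enumerate(pairs) if p != r]
    flipped = sum(bin(p ^ r).count("1") for p, r in zip(*pairs[3]))
    return damaged, flipped

if __name__ == "__main__":
    damaged, flipped = tamper_demo()
    print(f"damaged blocks: {damaged}; bits changed in block 3: {flipped} of {BLOCK * 8}")
```

The read itself succeeds and returns scrambled bytes for the touched block only; the cipher alone raises no error, so noticing the corruption is left to whatever parses the data.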

RE[2]: Something's odd
by zima on Sun 7th Oct 2018 20:44 UTC in reply to "RE: Something's odd"
zima Member since:
2005-07-06

Stallman's MIPS based open hardware laptop is looking better every day.

Wasn't it made in China / with Chinese CPU? ;) (supposedly the Chinese love MIPS)

Reply Score: 3

Don't believe this for spying
by rener on Mon 8th Oct 2018 07:03 UTC
rener
Member since:
2006-02-27

If iOS has actually working encryption the data on the flash chips should be encrypted, this is likely only forcing Apple to source from Chinese supplies, and thus leave more profits in China.

Reply Score: 1

RE: Don't believe this for spying
by agentj on Mon 8th Oct 2018 09:19 UTC in reply to "Don't believe this for spying"
agentj Member since:
2005-08-19

I suspect some Chinese company stole flash technology from another country like they usually do and now they want to force crapple to buy "their" product or they made enough money on selling counterfeit products based on stolen designs (it's cheap when you have no R&D cost), and developed "similar" design to existing products.

Edited 2018-10-08 09:19 UTC

Reply Score: 1

Alfman Member since:
2011-01-28

agentj,

I suspect some Chinese company stole flash technology from another country like they usually do and now they want to force crapple to buy "their" product or they made enough money on selling counterfeit products based on stolen designs (it's cheap when you have no R&D cost), and developed "similar" design to existing products.


I'm sure there's some truth to that, it bothers me when there are counterfeit products sold to unsuspecting buyers. But we can't ignore how screwed up IP is in the west. This is especially the case with patents, where corporations will sue others for ideas even when they weren't based on the patent owner's work. We ought to be wary of companies that claim exclusive rights to inventions across the world. Even in the US there is a huge problem of companies monopolizing ideas and impeding others from independently developing them.


In an industry with few inventors, the chances of overlapping the work of others will be lower. But when there are thousands working across the globe in the same field, the chances of idea overlap are practically 100% to the point where it becomes difficult/impossible to avoid patented works. Giving the rights of an idea to one patent owner robs all others of the fruits of their work. To make matters worse, our patent system has been transformed into a weapon that's no longer about protecting inventions, but deliberately patenting all conceivable variations to force competitors to infringe.

In short, we need to distinguish between instances of insiders stealing designs and using them to replicate products versus Chinese engineers who legitimately develop competing products or clones using their own time & resources. I know it fits the American agenda to gloss over these distinctions, but in terms of ethics, it does matter.

Edited 2018-10-08 17:48 UTC

Reply Score: 3