Lenovo Computers Banned by the 'Five Eyes' Spy Agencies

Photo credit: Peter J. Kovacs/Shutterstock.com
Photo credit: Peter J. Kovacs/Shutterstock.com

The ban was apparently implemented soon after Lenovo purchased IBM's PC business in 2005. According to a report in the Australian Financial Review (AFR), the ban was introduced "after intensive laboratory testing of its equipment allegedly documented 'back-door' hardware and 'firmware' vulnerabilities in Lenovo chips." Details of both the testing and the results remain classified.

However, it would appear there is concern that these 'vulnerabilities' could be triggered remotely to allow covert intrusion by the Chinese government. James Turner, a security industry analyst at tech research firm IBRS, told AFR, "Most organizations do not have the resources to detect this style of infiltration. It takes a highly specialized laboratory to run a battery of tests to truly put hardware and ­software through its paces. The fact that Lenovo kit is barred from classified networks is significant, and something the ­private sector should look at closely.”

Noticeably there is no overall ban on Lenovo computers – they are still widely used by government departments generally. Nor have any details from the classified report been publicly disclosed. Lenovo does have a connection to the Chinese government. It is 34% owned by Legend Holdings, which is 38% owned by the Chinese Academy of Sciences – a government entity.

In a statement Lenovo said, "We have not received word of any sort of a restriction of sales so we are not in a position to respond to this question... We’re surprised by this development as Lenovo continues to have a strong relationship with all Australian government departments. Customer data privacy is a top priority for Lenovo across all customers groups."

Another Australian publication, Delimiter, is far from satisfied with the news, and raises the question of whether this is a political and economic issue, rather than a security issue. It points to the widespread use of Lenovo computers. "If those machines are inherently compromised, and evidence exists, that evidence should be made public immediately, for the good of the global business and government community."

If there is no actual evidence, then "Western governments are perpetuating, as Huawei has alleged in its own situation, a massive case of corporate defamation perpetuated on Lenovo." 

The reality is that despite repeated public warnings by Western governments about security risks inherent in Huawei – and now Lenovo – no single piece of demonstrable proof has ever been made public. This continuous 'defamation' is beginning to wear thin on Huawei. Last week William Plummer, vice president of external affairs at Huawei, told The Verge in a comment that might be reused by Lenovo, "Someone says they got some proof of some sort of threat? Okay, then put up. Or shut up."

What’s hot on Infosecurity Magazine?