Richard Clarke is coming out and saying that all electronics made in China may well have built-in trapdoors allowing Chinese malware to infect American systems on command. The malware could do everything from take over a device to disabling it to secretly siphoning information off of it.

The Defense is loaded with them

http://defensetech.org/2012/03/29/richard-clarke-all-u-s-electronics-from-china-could-be-infected/#ixzz1qvda3pFK
Defense.org

When will we figure out destroying America's manufacturing jobs and shipping them to China for cheap labor

was America's downfall

who told me they have experienced Stealing of their research and development and another chemical company in petro chemicals hired Chinese scientists only to have them leave and go back to their native country to open their own chemical company specializing in their chemicals

These corporations have played a game of destroying America way of life and now will be destroyed by their own actions

all in the name of cheap labor

the American way of life.

planning for the event. Except this time there well might not be a chance to react until it's too late. US is too preoccupied with spying on our own citizens.

Was warranted for 90 days.

At 100 days it went dead. Wouldn't run the laptop. Laptop gauge said the battery pack was dead.

Took it apart. 6 Ion batteries held the required voltage. And found a chip on a board inside the battery pack.

All someone had to do was send a code to that chip telling it to turn off and not let any current flow. Which I figure is what happened, since the actual 6 battery cells held a charge.

I had a similar experience with a cell phone years ago.
Given our complete dependence on technology, the
possible ramifications are really scary.

BHN

But not until your car is hooked to the internet.

Of course there could be a satellite receiver built into the computer under the dash.

That chip and board are most likely for voltage regulation and simple status information to send to the rest of the computer. How computers are wired up, I don't see where or how such a signal would be received, or even how useful it would be for a hacker. No damage to data, removes access from computer, and only temporarily inconveniences the user. Hell, I don't even think those batteries have firmware to update, considering how they are wired, the communication, if you can call it that, is one way. This isn't Hollywood we are talking about.

Like you said the chips communicate with the computer.

A code comes into the computer over the internet and in the communications with the battey chip the code simply tells it to stop communicating with the computer.

The battery has printed on the outside a unique ID. So the chip knows it's name and the code knows what is talking to. 90 days are up and off it goes.

Batteries are wired to computers for communication ONE WAY, you would have to have a program execute on the computer to tell the battery to sabotage itself, something that I have yet to hear anyone be able to do. Again, one way communication, also the instructions for this will have to be present in the chip on the batteries circuit board.

Also, you are describing a timer, not a hack attack, and basically you are blaming shoddy construction and poor quality control on sabotage, a little paranoid, don't you think?

Think about that. The communication goes both ways, geez.

There are 6 contacts on the battery. Two are for the current.
The other four are communication contacts.

The code comes in from the internet, goes to the driver that operates the battery, and then tells the battery chip to end coms.

The actual batteries are fine, they are holding the rated charge.

But oh, I see you do think that their could be a timer coded into the battery from construction. But the battery was built over a year ago, so the timer code from factory idea is bzzzzzt.

Anyway, you do admit they could hack the thing, so, at least you do get a wee-bit of the possibilities?

or a type of built in timer that is remotely activated to implement what you just stated.

But again, why would they? What would be the usefulness of hacking a battery on a laptop, to piss off the user? Force them to buy another one? I guess those would be valid reasons, for private companies, not governments. I could see Dell implementing such a code, or Apple, but not the Chinese government.

You are getting there.

it required physical access to the computer(if you leave your laptop out at Starbucks, logged in, battery hacking is the least of your worries). Even going so far as to check the voltages on the batter, and ruining it. Of course, leave it to Apple to leave not only re programmable firmware in the freaking battery, but also keeping the default passwords that is present in public documentation. Indeed, there's a free tool available for download that can scramble that password, making it impossible for people to access the batteries of Mac laptops now. It also prevent firmware updates, but seriously, who needs those for batteries?

doesn't matter what OS it uses.
Just keep on believing that you're safe on the day it locks you out.

The battery's flash part contains some fairly simple code to keep track of the "cycle count" (number of discharge/recharges), date of manufacture and other things. If you have a battery with the right chip you can download a software utility to reset the numbers and make your battery like new, assuming the actual cells are like new as well.

http://be2works.com/

That could come in real handy for folks. Too bad I had to destroy my $70 battery to see how it was made. Next time I'll be hitting that link.

Oh, what do you know about those ink cartridges?

No software download required for this procedure-

http://www.ehow.com/how_6054091_reset-hp-toner-cartridge-chips.html

About two months after the warranty expired it started blanking out. I'd turn it on and everything would be fine for two seconds or so and it would just shut off.

I thought it was just a fluke and I bought another similar Samsung model because I've had good luck with their stuff in the past. Guess what? The same thing happened with the new unit just after the warranty expired.

Maybe it's a coincidence or maybe Samsung monitors suck in general but I'm not touching their products again.

Last edited Tue Apr 3, 2012, 10:06 AM - Edit history (1)

Do you have a smart meter on your power feed? If you do there is a type of internet connection that allows your meter to com with the power company, or so I have heard.

Seems that connection could be hacked and samsung or whoever could be reading the warranty and sending code?

Also.... remember vaguely a post on DU a month+/- ago questioning if your TV was listening and watching you.

I find it really odd that I'd buy two different products from the same company and both would have the same failure just within weeks after the warranty expiration.

Even more odd was the nature of the failure. Turn on the monitor and it works fine for two seconds and then just dies.

I'm not quite ready to crown myself with a tin foil hat but it had occurred to me that Samsung might have had something wired into the monitor that generates a failure after the warranty has expired. I've had devices croak just after warranty before but never that close and never twice in a row.

Here's the unpublished bottom line; There is no way to secure any of the "new" technologies. In particular the so-called cloud, which all you technically naive users are being pushed into, is a security nightmare. Every piece of technology that you are pouring your $$ into comes from nation's that are our enemies, and they have the capacity, and there is a (unpublished, of course) growing consensus that what Mr. Clark is writing about is, or will be, carried out right now.

Do you know how to write and implement a BIOS? Is there anybody making a secure BIOS out there? Are you willing to allow literally everything about you, from financial and medical records to all of your personal correspondence to be placed in the hands of strangers that are likely to harbor ill will against you simply because you are American? We all bear the ill will our government generates with its policies.

Short-sighted and dangerously dumb, our leaders are failing us in more ways than we can ever hope to foresee.

It's crazy how much of our personal information is spread out globally-
I always ask for US based tech support, not that it matters since
my information is out "there" any way.
BHN

some understanding of how little you can do about it since our government sold us out.

And of course, we have the security(?) of being so insignificant, there is little chance of being individually targeted...

but I worry more about Microsoft, Dell, Apple, and others about hacking into that, or implementing backdoors for their operating systems and or programs to exploit. I don't worry too much about China in that regard, the worse security breach in recent years was from Sony, after all, in the name of copyright protection.

and has made some of them available to their large co-conspirators... er, partners.

Customer service that requires customers to install, or allow to be installed, software so their techs can go into the system to fix problems since it takes too long to talk them through it, an don't even get me started on "social networks" (BTW if you are on Facebook without a dedicated system, you are literally begging to be tracked and hacked).

Malicious software can be written into virtually anything, device drivers, USB, any of the RISC chips in any of the devices we own, and there's no practical way to know it.

A lot of it comes down to the fact that people simply refuse to learn or follow the most basic information security, but of course when bad things do happen to them, they're more than willing to blame somebody for their own negligence.

But back to our data, when Clinton gave M$ their unofficial monopoly status that signaled the world that it is open season on American data.

How many people do you imagine are aware that their health, financial, insurance, government and professional licensing, etc. data are in the hands of unregulated, unaccountable, and frequently untraceable foreign contractor's systems?

For example, the BIOS being designed so that companies that feel you are violating some EULA or TOS can, for example, brick your PC. Considering how inaccurate and heavy handed their methods for determining this are. For example: my copy of Microsoft Windows 7 was legally bought, at best buy, but was labeled as "unauthorized" and wouldn't activate until I called Microsoft and straightened it out.

Hardware vulnerabilities worry me, and nothing can be 100% secure, however when those who make these devices DESIGN vulnerabilities in for them to exploit, that not only make the device more vulnerable to unauthorized access, but so called "authorized" access as well. I don't want to have to do have to violate the DMCA(horrible law) or some TOS or EULA(not technically legally enforceable), just to make my device usable. Its just an inconvenience.

acceptable or common practice since the 80's). M$ has, as usual, been the most abusive and to this day refuses to adhere to any standards and practices.

There used to be a law that military items had to be manufactured within the U.S. to prevent just this kind of thing.

How safe do you think people would feel if they had any clue of just how completely vulnerable we are?

This article reveals some of the most terrifying parts.

But, if you're into serious geekiness, that/those conference is fascinating.

your so right

This isn't Hollywood, and while Richard Clarke is an intelligence expert, I wouldn't call him an expert on electronics. They aren't magic, they don't automatically do anything, and building a "backdoor" into a HD radio built in China is stupid.

in China.

But I've worked for the past twelve years in two different R&D labs with consumer electronics. In both places, the hardware and firmware development and testing has been shared between US and foreign teams including China. The firmware development has been moving overseas for some time now and doesn't show any sign of returning.

That's why the federal government is beginning to insist that it's IT security products be made in the United States.