Earlier this week, the Australian Financial Review reported that Australia and other Western countries were blocking Lenovo hardware from secure locations because investigations have discovered some kind of malicious vulnerabilities. Only one problem: The Australian Department of Defense says the report is false. This forced those who picked up the story to publish a disclaimer.
Something should have occurred to folks writing the story. Why, in the midst of a huge NSA dust-up on spying and during a time when folks were mostly focused on mobile devices, would there be an investigation on PCs from China? You'd think every investigator would be looking at American-sourced gear and services instead.
Think about it: You suddenly hear that the U.S. is likely spying on your citizens, so the first thing you do is open and fund an investigation on Chinese hardware. It's not impossible but, given how improbable it is, you'd think someone would check the source before the story was published, not after. The other issue: Lenovo actually has a better defense for this kind of problem than anyone else.
Why Target Lenovo? Everyone Aims at No. 1
I'm fascinated by the "why" of things, and I see two reasons Lenovo may have been targeted. Neither have anything to do with Lenovo exposure. The most likely, given the timing, is that someone wants the attention on the NSA actions shifted back to China; whoever it is doesn't know how PCs really work, so it seems like a logical story.
Why doesn't this person know how PCs work? Unlike smartphones and tablets, PCs are surrounded in companies and governments (particularly security organizations) by layers of security products. These products can discover a virus and other unauthorized transmissions from the hardware. Even if a PC has a root kit, which virus-checking products can't see, its transmissions will identify that it has been compromised. In short, in the agencies that allegedly did the work, there's virtually no chance a compromised PC wouldn't be caught.
Mobile devices, though, typically don't run this software and connect to external networks. An exploit like this could work. Since the NSA-Snowden disclosure mostly surrounded mobile networks, and since any discovery there would point back to the NSA story, I suspect PCs were chosen because the related story was less likely to have an NSA element. (The originating story didn't mention the NSA problem.)
The other likely cause: Lenovo is now ranked No. 1 in the world in PC shipments. This looks bad on the reviews of executives who compete with the company. Many of these executives have press access-but giving executives access isn't the same training them on how to properly use it. Passing on, or making up, a story such as this would seem credible-particularly in a blog world where folks write first and check facts later-and you could do a ton of damage to Lenovo and maybe improve your bottom line.
Sign up for CIO Asia eNewsletters.