China Cyber Association Calls For Review of Intel Products Sold In China

The Cybersecurity Association of China (CSAC) has recommended a security review of Intel's products sold in China, accusing the U.S. chipmaker of harming national security and citing vulnerabilities in its chips. Reuters reports: While CSAC is an industry group rather than a government body, it has close ties to the Chinese state and the raft of accusations against Intel, published in a long post on its official WeChat account, could trigger a security review from China's powerful cyberspace regulator, the Cyberspace Administration of China (CAC). "It is recommended that a network security review is initiated on the products Intel sells in China, so as to effectively safeguard China's national security and the legitimate rights and interests of Chinese consumers," CSAC said. [...]

CSAC in its post accuses Intel chips, including Xeon processors used for artificial intelligence tasks, of carrying several vulnerabilities, concluding that Intel "has major defects when it comes to product quality, security management, indicating that it is extremely irresponsible attitude towards customers." The industry group goes on to state that operating systems embedded in all Intel processors are vulnerable to backdoors created by the U.S. National Security Agency (NSA). "This poses a great security threat to the critical information infrastructures of countries all over the world, including China...the use of Intel products poses a serious risk to national security." CSAC said.

Clever Move

[logicnazi]

That's a clever move. China knows that the US is turning to intel out of concern that China could either destroy TSMC (e.g. in an invasion) or has agents who can report on vulnerabilities to them. Taking action to limit intel sales in China is an effective way to handicap the US's attempt to protect their access to high end lithography.

Sure, it's not like intel doesn't have security issues or problems. But from a security POV they are no worse than AMD and probably no worse than companies like Apple (who

Re: Clever Move

[knoledgesponge]

I was thinking the same thing. So be it. It is what it is. I do appreciate the extra eyes and hope this leads to a greater awareness and a more secure architecture for everyone.

Re:

[drinkypoo]

But from a security POV they are no worse than AMD

That's just not true. AMD is vulnerable to most of the same attacks as Intel, but mitigation is reliably cheaper and exploits are typically more difficult.

Re:

[gweihir]

Indeed. But Intel has better marketing, i.e. professional liars.

Re:

[drinkypoo]

Indeed. But Intel has better marketing, i.e. professional liars.

They also have more numerous fanboys, who have apparently built their identities around worshipping Intel based on their simp factor 10 denial of everything wrong they have ever done. There are people out there with Intel Inside tattoos... rent free in their heads, apparently.

oh look I hurt someone's feewings

[drinkypoo]

Intel is a public corporation, it doesn't give a shit about you and it doesn't appreciate your simping. It will happily take your money and hand it to the people you claim to despise, though

Re:

[gweihir]

Indeed. I never understood that particular stupidity, until I looked into Authoritarianism. Apparently, any entity that is perceived as powerful acquires "authoritarian followers", which are non-rational and as dumb as bread. Marketing, political propaganda and personal charisma is commonly used to amplify and accelerate that effect. These followers will then aggressively defend that entity for free, up to and including murder, personal bankruptcy and the complete surrender of any rationality. This is stron

Re:

[AmiMoJo]

AMD also licences designs to Chinese manufacturers, who strip out some of the security related stuff (like the TRNG and crypto instructions) and replace it with domestic versions. The chips are produced on a larger node and don't perform as well, but they have the advantage of being domestic and thus suitable for government contracts.

There is no a general move away from x86 and US software like Windows for that sort of work anyway. ARM is popular, and MIPS has been in use for many years, and RISC V is up-an

Re:

[drinkypoo]

I fully agree that the increasing diversity of architectures is exciting. Too long we have been dominated by x86 and then amd64 on the desktop; also for too long, there has only been one other credible enterprise architecture (POWER). The rise of ARM and RISC-V gives me hope that we will continue to see innovation despite entrenchment.

Re:

[Freischutz]

That's a clever move. China knows that the US is turning to intel out of concern that China could either destroy TSMC (e.g. in an invasion) or has agents who can report on vulnerabilities to them. Taking action to limit intel sales in China is an effective way to handicap the US's attempt to protect their access to high end lithography.

Sure, it's not like intel doesn't have security issues or problems. But from a security POV they are no worse than AMD and probably no worse than companies like Apple (whose chips may seem more secure because information is more restricted and security researchers have fewer tools).

What does access to high end lithography equipment have to do with Intel? As far as I know most of the really top of the line lithography machines used in cutting edge chip production are made by ASML in the Netherlands (despite the Europeans supposedly having no tech industry) especially extreme ultraviolet lithography (EUV) machines. Intel is in fact heavily reliant on ASML's EUV tech for the production of high-performance chips. If the US wants to secure for itself some kind preferential access to ASML l

Re: Clever Move

[flyingfsck]

Ayup, Europe has chip foundries also - more than 70. American tech writers just donâ(TM)t know about them because they donâ(TM)t understand the languages.

Re:

[drinkypoo]

What does access to high end lithography equipment have to do with Intel? As far as I know most of the really top of the line lithography machines used in cutting edge chip production are made by ASML in the Netherlands

That's where ASML is based, but their engineers are all over the planet. ASML is an international effort. That's why China doesn't have a hope in hell of matching them. It takes a planet.

But in response to your question, superior process technology was Intel's only technical advantage. Now that they no longer have it, they are no longer the fastest around, but they absolutely did for decades and people forget that when they try to understand how AMD has seized the performance crown.

On top of that I seriously hope both European and US intelligence agencies have that company under a microscope hunting for IP thieves, that and made sure ASML's computer systems are not accessible from the internet like those of F-35 contractors because I guarantee you the Chinese in particular probably have an entire taskforce with an unlimited budget dedicated to breaching their systems and stealing their research data.

They definitely are consi

Re:Clever Move

[iAmWaySmarterThanYou]

> Taking action to limit intel sales in China is an effective way to handicap the US's attempt to protect their access to high end lithography.

Uh wut? Sure they can beat on American companies in the on going trade war for Cold War reasons but how does this demand for a security review in any way handicap the US's effort to limit high end shipments to China? Those are two unrelated topics. Intel is not going to send China the plans for a cutting edge lithography machine or start sending higher end chips in violation of sanctions.

IMO, we should be working hard to separate our economy entirely from China anyway. In the same way some American companies, to their shame, supported Nazi Germany long after knowing what evil shit they were, we should get out of China asap, too. We don't need their money or goods so badly that we should deal with them at the expense of our morals and ethics.

I supported Trump starting the trade war and supported Biden doubling down on key aspects of it. We should continue that path until full separation is achieved. Don't trade will evil countries is something all leaders should easily agree with no matter their other politics.

They are not wrong

[gweihir]

For example Intel rdrand is and remains a compromised design.

But y tho?

[CEC-P]

So unfair! I mean, there was only rowhammer and specter and meltdown and the entire train wreck of Intel ME. It's not like they have a track record of saying "we're too big to fail so who cares."

I have seen the same

[AcidFnTonic]

I mean its not too hard to see thatâ¦. Remember the Intel whistleblower who said to be promoted to the management engine team they would need to obtain a security clearanceâ¦

Why would that be if the management engine wasnt the memory reading spy tool we all know it isâ¦

Not entirely wrong.

[Gravis Zero]

"has major defects when it comes to product quality, security management, indicating that it is extremely irresponsible attitude towards customers."
"This poses a great security threat to the critical information infrastructures of countries all over the world, including China...the use of Intel products poses a serious risk to national security."

I would say this is a proper assessment of Intel.

The industry group goes on to state that operating systems embedded in all Intel processors are vulnerable to backdoors created by the U.S. National Security Agency (NSA).

This gives the NSA too much credit but I understand why they might think so. The actual hardware design flaws are clearly the result of placing a priority on performance above security concerns. It would be far more plausible if the NSA provided hardware bug finding support like they do for software and MS Windows: fix the easily found stuff, keep the deep compromises secret. The NSA has a suuuper heavy focus on being undetected, so making a direct request fo

Re:

[drinkypoo]

Given what we know about America's unconstitutional citizen spying programs and the fact that Intel is a defense contractor, I would say there is a 100% chance that the management engine has NSA backdoors. Not "created by the NSA" which is a dumb take, but "created for the NSA". Why would the NSA have to create them, when they can just send a memo and request them?

Your argument about a paper trail is unconvincing because distribution will be limited based on need to know, and the documents will be carefully