So this is an interesting underreported story from February 2018 – as it turns out, iPhones sold in China will soon use specific NAND chips made by a specific Chinese company that won’t be used in iPhones sold outside of China.
Apple is in talks with state-backed Yangtze Memory Technologies to buy NAND flash chips from it, a move that will mark the U.S. giant’s first purchase from a Chinese memory chipmaker and a huge boost to the local sector.
[…]
Whether Apple is under any pressure to buy from Chinese makers is unclear. Afterall, China has been known to apply pressure on foreign technology companies that want to operate within the country. One thing is for sure, Chinese deals will help Apple grow its business there, according to an industry executive.
[…]
As such, the earliest that the deal could come into fruition will be 2019 but industry sources say it is more likely to be after 2020 before Yangtze Memory can produce enough of the components at a standard that Apple requires. Apple will use these chips in new iPhone models and other products for sale in the Chinese domestic market specifically, according to two people familiar with the matter.
So, Apple has already handed over the iCloud data of its Chinese customers to the Chinese government through a government-owned datacenter company, and soon, iPhones sold in China will use China-specific NAND chips that won’t be used in iPhones outside of China. With yesterday’s Bloomberg story fresh in our minds, is it really that far-fetched to assume these China-specific NAND chips are unsafe, or perhaps even have a backdoor in them that weakens on-device encryption?
There is no way that the Chinese government would somehow exempt Apple from aiding in government surveillance, and these seemingly unrelated news stories all seem to suggest that Apple is, indeed, doing so.
Slightly off-topic, but this item seems to me to align with a special report in UK new media yesterday (on Channel 4) regarding the “reeducation centers” for indigenous Uyghurs within their homeland (Xinjiang). And therefore I’ll continue
Not only does this cultural “reeducation” (toward Han Chinese and Chinese Communist Party “accepted norms”) seem only a mere hop, step, let alone jump, from the type of more violent ethnic cleansing the Rohingya have been suffering in Myanmar — apparently, so the report continued….the Communist Party Subjugation and Control Apparatus have been using(abusing) this Uyghur population to beta test a variety of the latest and greatest mass surveillance technologies (from widespread facial recognition cameras, to smart-card ID chips monitoring entrance/exits to buildings, to smartphone tech that recognizes messages going to or CC’ing dissidents..and makes sure they never arrive—This was shown happening live).
Orwell apparently didn’t go far enough!
Lao TzÅ and even Confucius would be turning in their graves….
Edited 2018-10-05 19:13 UTC
Lao TzÅ is turning for sure, running a country like frying a small fish etc..
Maybe not Confucius who valued social harmony and collectivism over individual rights. Basically the Chinese are trying to prevent another IS on their doorstep. and would see the “re-education” as the price for harmony. I appreciate that not all would agree with this rights infringement regardless of the goal.
Back on topic – it’s been common practice for decades to require companies (usually American) to invest locally for market access. Boeing did this with the Dreamliner to an extreme causing a lot of delays on integration of the final aircraft, but hopefully no spy NANDs. No Chinese parts either, other then Dreamliners are full of iPhones ;-).
Thom Holwerda,
Not to question china’s motivation for adding backdoors to products (or the US backdoors for that matter), but something here doesn’t seem to add up. NAND flash chips don’t do encryption. It wouldn’t be practical to apply crypto here because the individual bits in NAND flash are notoriously unreliable and generally require controllers to apply error correction, wear leveling, and remapping algorithms to create what we would consider “raw bytes” on storage medium. By the time the NAND flash chips get information, it will already have been encrypted. So it’s not clear to me what adding a “backdoor” to NAND flash chip would even mean?
So unless the article misspoke and meant flash controllers or other kinds of chips, then I don’t think the backdoor theory is plausible. IMHO a more likely explanation is that forcing apple, a US company, to buy parts from china may be a move by china to respond to the trump trade war.
Given the whitehouse recently moved to impose another $200B in taxes on chinese goods, it wouldn’t surprise me if China was responding to the US protectionist policies with it’s own protectionist policies. For better or worse, this is our new world.
https://www.politico.com/story/2018/07/10/trump-china-trade-tariffs-…
But after the story of the possibly compromised motherboards, who can say what is on those NAND chips.
Stallmans MIPS based open hardware laptop is looking better every day.
There was also an interesting article about using an Apple II for Nuclear Weapons inspection because it’s easier to inspect for possibly hidden compromises.
https://hackaday.com/2018/01/10/34c3-vintage-verification-stop-nucle…
Lemote Foolong 2E.
whartung,
Doesn’t the risk stems more from the origin of the chips rather than the architecture those chips are running? Even a chip that ostensibly implements 6502 could be backdoored.
I would expect that the inspecting countries could use multiple implementations from multiple sources. Diversity adds redundancy against both intentional and accidental instrumentation flaws & backdoors. If any of the implementations disagree, you know something’s up. In many respects, monocultures & lack of diversity are one of the biggest threats to security because it represents a single point of failure.
Edited 2018-10-06 06:26 UTC
Wasn’t it made in China / with Chinese CPU?
(supposedly the Chinese love MIPS)
If IOS has actually working encryption the data on the flash chips should be encrypted, this is likely only forcing Apple to source from Chinese supplies, and thus leave more profits in China.
I suspect some Chinese company stole flash technology from another country like they usually do and now they want to force crapple to buy “their” product or they made enough money on selling counterfeit products based on stolen designs (it’s cheap when you have no R&D cost), and developed “similar” design to existing products.
Edited 2018-10-08 09:19 UTC
agentj,
I’m sure there’s some truth to that, it bothers me when there are counterfeit products sold to unsuspecting buyers. But we can’t ignore how screwed up IP is in the west. This is especially the case with patents, where corporations will sue others for ideas even when they weren’t based on the patent owner’s work. We ought to be wary of companies that claim exclusive rights to inventions across the world. Even in the US there is a huge problem of companies monopolizing ideas and impeding others from independently developing them.
In an industry with few inventors, the chances of overlapping the work of others will be lower. But when there are thousands working across the globe in the same field, the chances of idea overlap are practically 100% to the point where it becomes difficult/impossible to avoid patented works. Giving the rights of an idea to one patent owner robs all others of the fruits of their work. To make matters worse, our patent system has been transformed into a weapon that’s no longer about protecting inventions, but deliberately patenting all conceivable variations to force competitors to infringe.
In short, we need to distinguish between instances of insiders stealing designs and using them to replicate products versus Chinese engineers who legitimately develop competing products or clones using their own time & resources. I know it fits the American agenda to gloss over these distinctions, but in terms of ethics, it does matter.
Edited 2018-10-08 17:48 UTC