NSA, GCHQ ban Lenovo PCs due to security concerns

Five Eyes ban biggest PC supplier on classified networks after finding security vulnerabilities in Lenovo chips

Lenovo, the biggest PC supplier in the world, has seen its PCs banned from the secret networks of the intelligence and defence services of the UK, US, Australia, Canada and New Zealand - otherwise known as the Five Eyes.

Sources from intelligence and defence entities in the UK and Australia have confirmed the ban on PCs made by the Chinese company being used in "classified" networks, according to the Australian Financial Review (AFR).

A GCHQ spokesperson could not confirm or deny that a ban had been enforced.

"As a matter of policy we don't routinely discuss either the names or nature of suppliers to GCHQ on any aspect of our business," the spokesperson told Computing.

AFR claims that the ban was introduced half way through the 2000s after Lenovo chips were found to have "back-door" hardware and firmware (the interface between a PCs hardware and its operating system) vulnerabilities in Lenovo chips.

The sources said that malicious modifications to Lenovo's circuitry - more sophisticated than zero-day vulnerabilities - were discovered that could allow people to remotely access devices without the users' knowledge.

The report goes on to state that in 2006, the US decided not to use 16,000 new Lenovo PCs on classified networks because of security concerns. The change was thought to be due to anti-China trade sentiment.

It has been suggested that Lenovo has ties with the Chinese government as the Chinese Academy of Sciences, a Chinese government body, owns 38 per cent of Legend Holdings, which in turn is Lenovo's largest shareholder, owning 34 per cent of the PC maker.

More recently there have been high profile concerns about Chinese telecommunications firm Huawei's association with the Chinese government. The firm was set up by current president Ren Zhengfei, a former major in the Chinese People's Liberation Army.

Lenovo, which acquired IBM's PC business in 2005, still supplies PCs for "unclassified" government networks across Western nations including Australia and New Zealand, and it said it was unaware of a ban on "classified" government networks.

"Our products have been found time and time again to be reliable and secure by our enterprise and public sector customers and we always welcome their engagement to ensure we are meeting their security needs," the company said in a statement.

Update (30/07): The Australian Department of Defence has issued a statement denying that it has placed a ban on Lenovo products.

"This reporting is factually incorrect. There is no Department of Defence ban on the Lenovo Company or their products; either for classified or unclassified systems," it said.