• Do Lenovo Laptops Pose a Security or Privacy Risk?

    #2536551

    A 2/16/23 article by Kim Komando ends with the statement, “The military isn’t taking chances. In 2008, Marines stationed in Iraq stopped using Lenovo tech after discovering data was being transmitted back to China. The U.S. Air Force replaced $378 million worth of servers purchased by Lenovo.  Have a Lenovo machine at home or work? I suggest you replace it.”

    Source: https://www.usatoday.com/story/tech/columnist/komando/2023/02/16/tech-apps-products-ties-china/11250875002/

    My question to this educated group is:  is this a real threat, and if so what is the real risk (/probability) to an “average” home/small business user?

    I have a (self upgraded) Lenovo IdeaPad S340 that is my primary workhorse.  I do everything on it from day-to-day stuff (like this and web browsing) to critical things like banking and all things financial, including taxes and accounting etc for myself and a 1-unit rental business.

    I need something as reliable and secure as reasonably affordable.  So just how much of a risk is Lenovo?  Would this risk increase if we went into a cold or a hot war with China?

    Is Lenovo really any more risky than any other like product (which I assume most have at least some components “made in China”) ?  If any or all of this is true and the risk(s) real; are there “safer” and more secure brands (say, HP or Dell for example) that are also relatively affordable?  What do you think and what would you recommend?

    I know I have a lot of questions; but I don’t know where else I can go to get an authoritative answer.

    Thank you!!

    • #2536567

      “Do Lenovo Laptops Pose a Security or Privacy Risk?”

      Of course. Lenovo laptops, tablets… Motorola Smartphones.. all come with backdoors pre-installed with access by the Chinese Communist party and Chinese government.

      If I were you I would also remove every hardware/gadget in my home (it means EVERYTHING) including your car as they contain Chinese chips and who can be certain they don’t transmit data to China.

      /s

      Florida wants Apple & Google to label apps made outside US

      ..Republican Florida Attorney General Ashley Moody wants Apple and Google to flag foreign-owned apps on iPhone and Android, citing a potential national security risk…
      “We must ensure that consumers have the information needed to make informed decisions about their data privacy and security,” Moody said in a letter to Apple and Google. “The existing lack of transparency in app stores can create a significant risk for American citizens and could cause their personal information to be exploited by foreign entities of concern.”..

      * (IBM) Lenovo laptops user for the last 20 years.

      • #2536572

        We would have no technology left if we removed everything that has Chinese tech.

        “of course”.  Got proof of these back doors?

        Susan Bradley Patch Lady/Prudent patcher

        3 users thanked author for this post.
        • #2536603

           

          “We would have no technology left if we removed everything that has Chinese tech.”

          This is what I figured.

          And from the comments so far; sounds like this is nothing to actually concern myself with.  Thank you to those who offered constructive comments.  I appreciate it!

          Best regards,

          Alex

    • #2536573

      Several suggestions:

      • Evaluate sources carefully.
      • Read a broad spectrum across many sources.
      • Evaluate information carefully.
      On permanent hiatus {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender
    • #2536584

      Several suggestions:

      • Evaluate sources carefully.
      • Read a broad spectrum across many sources.
      • Evaluate information carefully.
      • Ignore

      I really doubt Beijing is interested in your shopping lists/emails/social media/whatever unless you’re on a POI (Person Of Interest) list… in which case I suspect Beijing is the least of your problems. Look closer to home. 🙂

      (Disclaimer: I’ve used IBM then Lenovo laptops for years in business. Although retired for years, I still have a Lenovo i7 Thinkpad X1 which I really like… but my tired old eyes don’t. 🙂 )

      1 user thanked author for this post.
      • #2536597

        Windows 11 has a shortcut in the menu to an advertisement to download the TikTok app, for heaven’s sake.

        Susan Bradley Patch Lady/Prudent patcher

      • #2537384

        I really doubt Beijing is interested in your shopping lists/emails/social media/whatever unless you’re on a POI (Person Of Interest) list… in which case I suspect Beijing is the least of your problems.

        I am not so much worried about my personal info leaking as I am of a distributed attack that disables or compromises our telecommunication systems. You would not see it until it is too late.

        🍻

        Just because you don't know where you are going doesn't mean any road will get you there.
        1 user thanked author for this post.
    • #2536684

      For anyone concerned about their data possibly going to potentially or openly hostile countries, there is at least one cybersecurity application (BlackFog) that enables the user to block Internet addresses by country (geofencing). Some firewalls may also be able to do this, but I have no specific knowledge in that regard.

      One might also look into the possibility of geofencing via the router.

      2 users thanked author for this post.
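What the country-based blocking (geofencing) mentioned in the post above decides for each outbound connection, as an added example that is not from the thread or from any named product. The prefix table, country codes, process names and log lines are all constructed; a real firewall or router would load a GeoIP database instead.

```python
import ipaddress

# Constructed prefix-to-country table (assumption): RFC 5737 documentation
# ranges with made-up country codes standing in for a real GeoIP database.
PREFIX_COUNTRY = {
    "192.0.2.0/24": "AA",
    "198.51.100.0/24": "BB",
    "198.51.100.128/25": "CC",  # more specific allocation inside BB's block
    "203.0.113.0/24": "CC",
}
BLOCKED_COUNTRIES = {"CC"}  # hypothetical policy: block one country

# Constructed outbound connection log: "<process> <dest_ip>:<port>"
SAMPLE_LOG = """\
updater.exe 192.0.2.10:443
browser.exe 198.51.100.20:443
vendor_agent.exe 198.51.100.200:443
vendor_agent.exe 203.0.113.5:80
browser.exe 10.0.0.1:53
"""

# Most specific prefixes first, so the first hit is the longest match.
_NETS = sorted(
    ((ipaddress.ip_network(p), c) for p, c in PREFIX_COUNTRY.items()),
    key=lambda nc: nc[0].prefixlen, reverse=True)

def country_of(ip):
    """Longest-prefix match; None when the address is in no known range."""
    addr = ipaddress.ip_address(ip)
    for net, country in _NETS:
        if addr in net:
            return country
    return None

def evaluate(log_text, blocked=BLOCKED_COUNTRIES):
    """Return (process, ip, country, verdict) for each log line."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        process, dest = line.split()
        ip = dest.rsplit(":", 1)[0]
        country = country_of(ip)
        # Unknown addresses are allowed here (fail-open); a stricter
        # policy would block anything it cannot place.
        verdict = "block" if country in blocked else "allow"
        results.append((process, ip, country, verdict))
    return results

if __name__ == "__main__":
    for row in evaluate(SAMPLE_LOG):
        print(*row)
```

The decision is made on the destination IP address alone, so traffic that reaches the same service through an address registered in an allowed country passes the filter.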
    • #2536696

      The U.S. Air Force replaced $378 million worth of servers purchased by Lenovo. Have a Lenovo machine at home or work? I suggest you replace it.”

      I wouldn’t, if that was the only reason.

      The concerns of the Air Force and of ordinary people are very different.

      By their very nature, computers owned or used by the US military are privy to all kinds of information that China would love to have. The US military has a strong interest in making sure they don’t get it. Certain people or corporations with access to strategically important information may also have such an interest.

      Regular Americans are not of any strategic interest to China. While the information that they could gather about any given regular American would be of interest if the person was in China, where the Chinese government exerts a very high level of control of people’s daily lives, these bits of information about the ordinary lives of regular people are of no use to China for people who are (and will remain) outside of China’s jurisdiction.

      If you may be traveling to China at some point, the potential for leaked data to China may give you pause, as the things they learn about you now could hypothetically impact their decision whether to let you in, or they could hypothetically wait until you deliver yourself to their jurisdiction and then take advantage of the situation. But if you have no plans to ever visit China, whatever they collect is just space wasted on their servers.

      It is known that China keeps tabs on dissidents outside of their borders, and certainly it would be within the realm of possibility that they could send agents to silence someone. Would they do this? If it was North Korea or Russia, I would say that they certainly would, based on past (recent) behavior, if the person is a big enough thorn in their side (which the large majority of people will never be). Would China? I’d say ‘probably,’ if the fish was big enough, but then I would say the same about the American government. By far, most of us fall far short of that level of interest to any nation state.

      One thing is certain, though… if you are on the “get ’em” list of a nation state (as is Edward Snowden, for example), having a PC give away information (beyond what every PC running Windows would do) is just one of hundreds of potential sources of data you’d have to worry about… and not even one of the worst ones. Your phone probably gives away much more information (including real-time location info) than that without even having any secret spying bits.

      I would be much more concerned about a computing device sending that information to my own government, since that is the one best positioned to use that info in a way that will be a problem for me. We know they already do this, massively, in the open. All of that info collected by Google, Facebook/Meta, or Microsoft must be presumed to be in the hands of the US government as well, given that it’s theirs for the taking if they write a nice national security letter asking for it. The amounts of data generated by and about any given person, on a daily basis, are staggering, and most of it is from American companies on American soil.

      China? No concern of mine until I start thinking about going there, which I have no plans to do.

      It is possible that mass surveillance of all Americans by China could occasionally capture some tidbit that would benefit the Chinese government, something the US government would not want to happen, but I suspect that the odds of this are small.

      The US government captures so much information about Americans (ostensibly for the purpose of fighting terrorism) that it has proven impossible to separate the signal from the noise. Only in retrospect (after an attack has taken place) can the government look at the data collected and point out where it should have figured it out in advance. In practice, collecting that much data about everyone captures so much noise that any signal is lost in the cacophony.

      The more China collects, the more noise they have to sift through… and if trying to separate the signal from the noise from 330 million Americans is tough, the Chinese really have their hands full with trying to do that with more than four times that many Chinese, let alone the non-Chinese people across the rest of the world.

      I would say it is not really a concern in a practical sense if a Lenovo device is phoning home to China. It’s creepy, and I would not want my device doing that simply because I want to be in control of what my stuff does, but in terms of actual threat, I don’t think there really is one for anyone not planning to go to China.

       

      Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
      XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
      Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

      2 users thanked author for this post.
      • #2536834

        I tend to agree with what you’ve written.

        However, my main concern really was (if say in a hot war with China); they’d take, for example, the financial logins they acquired and try to wipe out a general swath of US citizens’ finances etc.  Or if they were to combine that info with all the OPM data they stole a few years ago and then target federal employees specifically.  A simple name and address search between databases would make that easy.

        Could you imagine if every US federal employee suddenly had to take time off work to deal with identity theft?  If I were a strategist I might recommend something like that when resources allowed in an asymmetrical war.  Or even just sell it on the dark web and let criminals do the work.

        I also know what can be thought of vs what is implementable, vs what is practical (likely) can be very different.  So, I was just wondering how practical something like my example scenario would be so one could at least do a thought experiment and maybe come up with some sort of qualitative risk assessment.

        In reality a widespread electrical and/or water grid attack would probably prove more likely and effective…  IDK.  Like I said, interesting thought experiments.  But sounds like I’ve likely got more important things to spend my energy on.  Like taxes right now, or changing my remaining LastPass passwords after the recent breach (despite a very long & complex passphrase & 2FA), etc.

        Thanks for all the feedback!

        1 user thanked author for this post.
    • #2536699

      Got proof of these back doors?


      @Susan. You have missed the /s in my post.

      Bloomberg’s fake news:

      The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

      The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources…

      Bloomberg resurrects Super Micro spy chip story; NSA still ‘befuddled’ by the claims

      * This is the same as Kaspersky’s paranoia with no shred of evidence.

      1 user thanked author for this post.
    • #2536700

      That article is almost pure FUD.
      The best they can do is claim things might be bad because a very small part of the US military stopped using X brand 15 years ago.

      Clickbait score =  100%

      cheers, Paul

    • #2536930

      Windows 11 has a shortcut in the menu to an advertisement to download the TikTok app, for heaven’s sake.

      The new Mercedes E-Class comes with TikTok (and Zoom) pre-installed.

    • #2537388

      In practice, collecting that much data about everyone captures so much noise that any signal is lost in the cacophony.

      That is what filters are for.

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
    • #2537389

      the Chinese really have their hands full with trying to do that with more than four times that many Chinese,

      That means they are getting experience and getting better.

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
    • #2607793

      While installing Windows on a Lenovo AIO watching the drivers being installed, one flashed by with a driver signature from Beijing. Gave me the willies, installed Linux instead, I can’t imagine it’s not a security issue, nice hardware though. Wish I knew how to find alternative drivers for its chipset on Windows.

    • #2607822

      Wish I knew how to find alternative drivers for its chipset on Windows.

      But your hardware with backdoors still exists. /s

      (I have been using Lenovo laptops for the last 22 years)

    • #2611676

      China uses a very wide net when it comes to gathering information on EVERYONE, but I think it’s mostly through apps. Our government does randomly check a small fraction of chips/devices coming from China looking for “backdoor” type exploits, so for you and me I don’t think it’s much of a threat, but the bloatware that comes with a Lenovo computer is another matter. I have a Lenovo workstation for my CAD work, but the first thing I do right out of the box is wipe and reformat the entire hard drive, all partitions, and reinstall the OS, which is not that big of a deal, but hunting down the latest drivers takes a bit more time. If you wipe and reinstall, then go to the Lenovo web site for the drivers, they will put the bloatware back on with the drivers.
