this post was submitted on 17 Sep 2024
566 points (99.1% liked)

World News

39173 readers
3795 users here now

A community for discussing events around the World

Rules:

Similarly, if you see posts along these lines, do not engage. Report them, block them, and live a happier life than they do. We see too many slapfights that boil down to "Mom! He's bugging me!" and "I'm not touching you!" Going forward, slapfights will result in removed comments and temp bans to cool off.

We ask that the users report any comment or post that violate the rules, to use critical thinking when reading, posting or commenting. Users that post off-topic spam, advocate violence, have multiple comments or posts removed, weaponize reports or violate the code of conduct will be banned.

All posts and comments will be reviewed on a case-by-case basis. This means that some content that violates the rules may be allowed, while other content that does not violate the rules may be removed. The moderators retain the right to remove any content and ban users.


Lemmy World Partners

News [email protected]

Politics [email protected]

World Politics [email protected]


Recommendations

For Firefox users, there is media bias / propaganda / fact check plugin.

https://addons.mozilla.org/en-US/firefox/addon/media-bias-fact-check/

founded 1 year ago
MODERATORS
 

South Korea's military has been forced to remove over 1,300 surveillance cameras from its bases after learning that they could be used to transmit signals to China, South Korean news agency Yonhap reported.

The cameras, which were supplied by a South Korean company, "were found to be designed to be able to transmit recorded footage externally by connecting to a specific Chinese server," the outlet reported an unnamed military official as saying.

Korean intelligence agencies discovered the cameras' Chinese origins in July during an examination of military equipment, the outlet said.

you are viewing a single comment's thread
view the rest of the comments
[–] Wispy2891 -3 points 2 months ago (1 children)

So if they purchased Ring cameras that are feeding everything to American AWS servers it would be ok?

Seems stupid that in a military install they're using cloud shit

[–] [email protected] 4 points 2 months ago* (last edited 2 months ago) (1 children)

Well, they did remove it when they found out. But....

Look. I'm looking at a Thinkpad. Lenovo owns that line now. I dunno if they can push firmware updates to old, pre-Lenovo models, but they can to current versions. Those things are pretty common in a business setting. AFAIK, the US has never raised any issues with Lenovo and security a la Huawei. But if there was an honest-to-God, knock-down, drag-out war, I assume that Beijing is gonna see whether it can leverage anything like that. And I've got, what...a microphone? A camera? Network access? Maybe interesting credentials or other things in memory or on my drive? I mean, there are probably things that you could do with that.

Then think of all the personal phones that military people have. Microphone. Camera. Network access and radio. Big fat firmware layer.

My guess is that if you did a really serious audit of even pretty secure environments, you'd find a lot of stuff floating around that's potentially exploitable, just due to firmware updates. If you exclude firmware updates, then you're vulnerable to holes that haven't been patched.

Okay, maybe, for some countries, you can use all domestic manufacturers. I don't think that South Korea could do that. Maybe the US or China could. But even there, I bet that there are supply chain attacks. I was reading a while back about some guy selling counterfeit Cisco hardware. He set up a bunch of bogus vendors on Amazon. His stuff got into even distribution channels with authorized Cisco partners, made it into US military networks.

https://arstechnica.com/information-technology/2024/05/counterfeit-cisco-gear-ended-up-in-us-military-bases-used-in-combat-operations/

Counterfeit Cisco gear ended up in US military bases, used in combat operations

That guy was just trying to make a buck, though I dunno if I'd have trusted his products. But you gotta figure that if that could have happened, there's room for intelligence agencies to make moves in that space. And that's the US, which I bet is probably the country most-able to avoid that. Imagine if you're a much smaller country, need to pull product from somewhere abroad.

[–] pycorax 8 points 2 months ago (1 children)

Look. I'm looking at a Thinkpad. Lenovo owns that line now. I dunno if they can push firmware updates to old, pre-Lenovo models, but they can to current versions.

China aside, Lenovo has lost all semblance of trust after the whole Superfish debacle. Sure it's been more than a decade now but their response to that and the fact that it was even approved internally calls a lot into question. I wouldn't dare go near any of their devices.

[–] [email protected] 5 points 2 months ago (1 children)
[–] [email protected] 1 points 2 months ago

Ok so after a quick read it looks like they bundled some software which allowed third parties to eavesdrop on https traffic with a fairly trivial hack?

I've had lenovo laptop's forever. I could be described as a fan boy. I'd never heard about this. It's never nice to hear that something you're a fan of has problems like this.

I guess the only mitigating factor is that it wasn't intentional on Lenovo's part.