Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Network Networking Security

Lenovo Discovers and Removes Backdoor In Networking Switches (bleepingcomputer.com) 42

An anonymous reader writes: Lenovo engineers have discovered a backdoor in the firmware of RackSwitch and BladeCenter networking switches. The company released firmware updates last week. The Chinese company said it found the backdoor after an internal security audit of firmware for products added to its portfolio following the acquisitions of other companies. Lenovo says the backdoor affects only RackSwitch and BladeCenter switches running ENOS (Enterprise Network Operating System).

The backdoor was added to ENOS in 2004 when ENOS was maintained by Nortel's Blade Server Switch Business Unit (BSSBU). Lenovo claims Nortel appears to have authorized the addition of the backdoor "at the request of a BSSBU OEM customer." In a security advisory regarding this issue, Lenovo refers to the backdoor under the name of "HP backdoor." The backdoor code appears to have remained in the firmware even after Nortel spun BSSBU off in 2006 as BLADE Network Technologies (BNT). The backdoor also remained in the code even after IBM acquired BNT in 2010. Lenovo bought IBM's BNT portfolio in 2014.

This discussion has been archived. No new comments can be posted.

Lenovo Discovers and Removes Backdoor In Networking Switches

Comments Filter:
  • by Andre Dias ( 3819801 ) on Monday January 15, 2018 @12:38PM (#55932515)
    Some american FISA court has to stop this crazy chinese from stepping over their orders.
    • by Anonymous Coward

      There is only one FISC and it doesn’t actually give out orders. If you’re gonna try to create a conspiracy at least gets your facts straight.

  • by Anonymous Coward

    Better to make it look like an accidental "vulnerability" like how intel does it.

  • by pnutjam ( 523990 ) <slashdot@@@borowicz...org> on Monday January 15, 2018 @12:40PM (#55932523) Homepage Journal
    TFA says they are calling it the "HP backdoor", but it was installed by Nortel at the request of Enterprise customers (government ones?). Is this just a nice attempt to smear HP? As an ex hp'er I approve, but I'm curious.
    • by Anonymous Coward on Monday January 15, 2018 @01:02PM (#55932705)

      Not an "enterprise" customer but a customer that embeds the switches in their own product or solution, hence the term OEM. Presumably HP requested the backdoor for some reason (ex. easier support, CIA request, etc) and Nortel complied.

      I guess it's pretty funny to name the backdoor after the requester. Allegedly.

  • Really? (Score:5, Insightful)

    by GrumpySteen ( 1250194 ) on Monday January 15, 2018 @12:43PM (#55932553)

    One customer asked for a backdoor and they added it to all their products, giving that customer access to all of their customers' systems? Who the hell would authorize that?

  • by Anonymous Coward

    Yeah, right. In other news, Lenovo engineers executed by Chinese government for tampering with government code.

  • by Monster_user ( 5075027 ) on Monday January 15, 2018 @12:45PM (#55932571)
    So, around about 2002, Nortel got hacked by hackers in China. This hack was not completely dealt with for at least ten years.

    So,... How was this vulnerability discovered? Could it have been "discovered" by its creator?
    • by Luthair ( 847766 )
      Its literally in the first paragraph of the summary. Its no longer RTFA its RTFS.
      • by Monster_user ( 5075027 ) on Monday January 15, 2018 @01:14PM (#55932779)
        There is enough possibility left open, that RTFS doesn't quite discredit the implication I suggested. This was added to ENOS during a time when someone in China had a full backdoor into Nortel's systems, which apparently went undetected until 2004, and was not fully detected at least until 2012. http://www.zdnet.com/article/n... [zdnet.com]

        This might have been requested by HP, as another commenter suggested elsewhere, and then incompetence spread it to equipment beyond the requester's equipment. Or it could have been compromised code planted by the hackers, hiding it as HP requested code. Yet another option is that this was code intended for HP equipment, which the hackers then approved for non-HP equipment.

        We also don't know if any of the hackers involved in the incident(s) from 2000-2012 are employed with Lenovo. It is logical to assume they would have valuable expertise and skills.
  • by Anonymous Coward

    Part of the procedure that they have for adding Chinese government backdoors, is to check if there are already any other backdoors there...

  • FYI (Score:4, Interesting)

    by fubarrr ( 884157 ) on Monday January 15, 2018 @01:38PM (#55932947)

    FYI: Nortel used to be big with North American defence contractors

    The fact that Lenovos did the audit in first place itself tells that Chinese were hoping to shop for more than just an average network gear supplier

  • Comment removed based on user account deletion
  • and fixed it by changing the password.

  • Oh right: https://news.slashdot.org/stor... [slashdot.org]
    Posted by samzenpus on Thursday July 11, 2013 @09:06PM:
    For the second time in a month, Hewlett-Packard has been forced to admit it built secret backdoors into its enterprise storage products.

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol

Working...