by brownbat 4877 days ago
Company from Taipei flashes some Intel equipment, then it appears to function correctly, but can be bricked remotely with a specially crafted incoming packet.

Company has US branch that's a government contractor: http://government-contractor.bizdirlib.com/ceo/Synertron_Tec...

Charming.


I think you're reading way more into this, than there is to it.

Taiwan (Republic of China) is, by the way, basically its own country with its own leadership and currency. I find it somewhat hard to put China (People's Republic of China) and Taiwan (Republic of China) together.

Just to clarify, there's a difference between a Special Administrative Region like Hong Kong or Macau, and Taiwan. While Hong Kong is largely self-governing internally, it's still part of the PRC. Meanwhile, Taiwan (the ROC) was founded by people ousted during the revolution. It's like saying North and South Korea are 'basically' their own countries. Politically they aren't even friendly.
Indeed, I guess I was a little too fuzzy in how I phrased myself, in hindsight. Thanks - a good addition in itself.

I guess the only really suitable way of explaining the situation is "It's complicated." It's a colourful situation, and in no way is it either black or white.

I have commented about this in the past; when I was at Lockheed, in 2006, we had security debriefings about Chinese hacking attempts.

There were trojans on the network that were sending little data packets back to China... but more interestingly:

Lockheed employees were not allowed to connect their machines to any foreign network. Even those which were suppliers.

There was a supplier in Taiwan where employees would go and would transfer some files via sneakernet (USB keys) - the supplier had been hacked, and the Chinese were using the Taiwanese supplier's machines to attack the Lockheed employees via the transfer of the USB sticks.

The point is: don't underestimate Chinese hackers and the potential vectors they are willing to exploit.

Well, I suppose the argument would go that a Taiwanese engineer would, by dint of shared language and culture, be more susceptible to coercion and bribes than someone from Europe, South Asia, etc...

And I agree that you don't want to be too paranoid about this stuff. But at the same time, if you were expecting and looking for an "illicit backdoor" in hardware, this is exactly the kind of thing you'd expect. Firmware in a place virtually no one knows about gets modified on a per-product basis to do nefarious things. And this is exactly how you'd expect such a modification to be discovered, by accidentally introducing a bug that distinguishes itself from the clean parent.

I mean, I'm not screaming "spy" here, but if I were to have read this story in a techno-thriller novel I'd be writing a post applauding the author for her excellently researched and eminently plausible plot hook.

Well, I suppose the argument would go that a Taiwanese engineer would, by dint of shared language and culture, be more susceptible to coercion and bribes than someone from Europe, South Asia, etc...

You could try to make that argument, but I've always figured it would go kind of the other direction. Every Taiwanese national I know is a fierce supporter of Taiwan's independence from China, and China certainly does all it can to foster that every time it tries to annex the country.

Hmm, thought by sticking to raw facts, I would avoid that... turns out I was wrong, now it just looks thinly veiled.

Sincere apologies, poor judgment on my part.

Trust, but verify. With everything that we know, it's silly to not be paranoid.

I got pretty excited about election integrity for a while.

The default position of the defenders of the status quo was "I can't believe you don't trust us. Prove there's something wrong. You 'experts' in computers, security, and elections are just a bunch of conspiracy freaks."

My default position is "show me". That skepticism merely makes me an informed consumer.

The difference is in the people.

If this were a DoS backdoor, it would not have been that much harder to make it less discoverable. Just use two magic bytes, or three. The chance of a false positive is virtually zero, and yet you'd still be able to use basic ICMP/ping to trigger it if needed.

A backdoor that bricks the device, but only if it's the first packet received, isn't terribly useful. The more plausible explanation is that it's a bug that was introduced by the actual backdoor that still remains undiscovered.
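The last comment's "one magic byte fires by accident, two or three virtually never" reasoning is the same calculation a detection engineer makes when tuning a signature keyed on a fixed byte pattern at a fixed payload offset. The following is an added example, not code from the thread or from any vendor: it derives the analytic chance-match rate and then counts how often constructed pseudo-random payloads (standing in for benign traffic, not real captures) would trip a 1-, 2- and 3-byte pattern. The pattern bytes, the offset and the payload sizes are arbitrary choices for the illustration.

```python
import random


def chance_match_probability(trigger_len: int) -> float:
    """Analytic false-positive rate: probability that `trigger_len`
    uniformly random bytes at a fixed offset equal one specific value."""
    return 256.0 ** -trigger_len


def build_constructed_payloads(count: int, length: int, seed: int = 1) -> list:
    """Constructed sample traffic: pseudo-random payloads used as a stand-in
    for benign packets. Seeded so the run is reproducible."""
    rng = random.Random(seed)
    return [bytes(rng.getrandbits(8) for _ in range(length)) for _ in range(count)]


def count_false_matches(payloads, trigger: bytes, offset: int) -> int:
    """Count payloads that happen to carry `trigger` at `offset`, i.e. how
    often a signature (or a firmware check) keyed on those bytes would
    fire on traffic that was never meant to trigger it."""
    n = len(trigger)
    return sum(
        1 for p in payloads
        if len(p) >= offset + n and p[offset:offset + n] == trigger
    )


def compare_trigger_lengths(payloads, offset: int = 8,
                            pattern: bytes = b"\x5a\xa5\x3c") -> dict:
    """For 1-, 2- and 3-byte prefixes of `pattern` (hypothetical values),
    report observed accidental matches next to the analytic expectation."""
    results = {}
    for n in (1, 2, 3):
        trigger = pattern[:n]
        results[n] = {
            "matches": count_false_matches(payloads, trigger, offset),
            "expected": len(payloads) * chance_match_probability(n),
        }
    return results


if __name__ == "__main__":
    sample = build_constructed_payloads(count=20000, length=64)
    for n, r in compare_trigger_lengths(sample).items():
        print(f"{n}-byte pattern: {r['matches']} accidental matches "
              f"(expected ~{r['expected']:.2f} of {len(sample)} packets)")
```

The takeaway for the defender is the mirror image of the comment: a single-byte condition at a fixed offset is hit by ordinary traffic roughly once every 256 packets, so any device that reacts to it gets noticed quickly, while a three-byte condition is expected to fire by chance about once in 16.7 million packets and would likely go unreported for a long time. When writing detection rules, that same arithmetic tells you how many bytes of context a signature needs before it is quiet enough to deploy.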