Experts Call for Transparency around Google’s Chinese-Made Security Keys

Discussion in 'HardForum Tech News' started by Megalith, Sep 2, 2018.

  1. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    13,004
    Joined:
    Aug 20, 2006
    Security experts are voicing their concern following the discovery of Google’s new Titan Security Keys being made by Chinese company Feitian. While the search giant “does not see an issue with working with them,” security teams fear the keys could be compromised by the Chinese government. The supply chain process has not been documented thus far.

    “The supply chain in China often is dictated by government policy,” the head of a security team based in a global, multi-billion-dollar company said. Generally speaking, one concern is that the Chinese government could potentially force Feitian to introduce some form of backdoor into the devices, or intercept the keys themselves and tamper with them, allowing the government to then access accounts of targets, for instance.
     
    GoldenTiger and AceGoober like this.
  2. DukenukemX

    DukenukemX [H]ardness Supreme

    Messages:
    4,394
    Joined:
    Jan 30, 2005
    That kinda looks familiar.

    latest?cb=20131126063117.jpg
     
    Armenius, Chupachup, Crimson and 2 others like this.
  3. DooKey

    DooKey [H]ardness Supreme

    Messages:
    8,034
    Joined:
    Apr 25, 2001
    Google could care less what anyone thinks. They're happy to support anyone with money regardless of ideology. If NK could pay for it then Google would make them a censored search engine with no qualms.
     
    Etherton and AceGoober like this.
  4. seanreisk

    seanreisk Gawd

    Messages:
    889
    Joined:
    Aug 29, 2011
    It's weird - I would have no problem buying a Huawei cell phone, but I wouldn't buy this. I'm trying to decide why the phone (which could also be compromised) wouldn't bother me, but this would.
     
  5. Paul_Johnson

    Paul_Johnson [H] Admin Staff Member

    Messages:
    15,716
    Joined:
    Aug 29, 2004
    Google doing something shady that could compromise your privacy and/or monetize your data? Shocking. Truly shocking I tell you.
     
    Bcc335, Darunion, Armenius and 10 others like this.
  6. DaBoSSs

    DaBoSSs n00b

    Messages:
    41
    Joined:
    Apr 4, 2003
    Had been considering this as a possible source to ameliorate the lack of NFC on my Samsung tablet, think i'll pass on these though, will look for another source.
     
  7. honegod

    honegod [H]ardness Supreme

    Messages:
    6,559
    Joined:
    Aug 31, 2000
    So now we are only worried about WHICH tyrannical nanny state has full access to our lives?
     
    cdr_74_premium likes this.
  8. PaulP

    PaulP Gawd

    Messages:
    776
    Joined:
    Oct 31, 2016
    I think it is reasonable to expect that the supply chain and manufacture of your security keys be transparent and documented. You are, after all, trusting them to with all your digital property.
     
    Armenius and lironmiron like this.
  9. idiomatic

    idiomatic [H]Lite

    Messages:
    70
    Joined:
    Jan 12, 2018
    Meanwhile the US govt compromising supply chains has been documented. Anything I get from the US I know has been intentionally compromised. If I get it from China I just assume it is.
     
    Aronjlove likes this.
  10. Kibagami

    Kibagami Limp Gawd

    Messages:
    336
    Joined:
    Jul 26, 2004
    I believe, that a healthy distrust of any "center of authority" is a must. There is always a tendency for any company or system/govt to do whatever it takes to attain and/or perpetuate its dominance. Whether for good or ill.
     
    cdr_74_premium likes this.
  11. Chris_B

    Chris_B [H]ardness Supreme

    Messages:
    4,997
    Joined:
    May 29, 2001

    Fixed.
     
    GoldenTiger likes this.
  12. xmadror

    xmadror Gawd

    Messages:
    674
    Joined:
    Feb 13, 2012
    I'd think that knowing the security key's info would be kinda useless unless you can associate it with a user account.
    But It also seems similar in concept to using a smartphone with a sim card, which can be cloned ...


    Of the top of my head I'd say it could be because you can always root it and install an open source os.
    No experience with Huawei but very happy with my Xiaomi A1 with aosp extended rom and mint kernel.
     
  13. Twisted Kidney

    Twisted Kidney 2[H]4U

    Messages:
    3,503
    Joined:
    Mar 18, 2013
    YEAH! The enemy du jour might spy on us!

    Meanwhile domestic spying powers just went through yet another round of expansion.

    We're doomed.
     
  14. BloodyIron

    BloodyIron 2[H]4U

    Messages:
    3,443
    Joined:
    Jul 11, 2005
    You mean like what the NSA does to Cisco? Yeah, it's not just China fucking with supply chains...
     
  15. Uvaman2

    Uvaman2 2[H]4U

    Messages:
    3,092
    Joined:
    Jan 4, 2016
    And hp.. and all kinds of shit.
    Thing is, even if these are compromised they also need to know the target and piggy back software and shit like that i imagine. Same with Huawei, its a one off.. once discovered, thats it. I think Huawei servers are in Europe.. i doubt they would be allowed to sell there if they were so risky, and being caught once relaying info to the Chinese government would screw them most likely... That alone limits them greatly.
    Now a good way to get info and access its with free software... I am surprised there isn't more top of the line free software floating around, used as a front / spy tool... And Yes im pissed i cant buy Huawei via normal channels in the US.. its bullshit, they have excellent phones on their way to be the best.. its all that crazy copying the Chinese do that leads to be the best, and others will soon start copying them i guess ...
     
    Last edited: Sep 3, 2018
  16. Chupachup

    Chupachup Limp Gawd

    Messages:
    435
    Joined:
    Jan 12, 2014
  17. AndreRio

    AndreRio [H]ard|Gawd

    Messages:
    1,240
    Joined:
    Nov 23, 2011
    is the american government any different?
     
  18. dvsman

    dvsman 2[H]4U

    Messages:
    2,692
    Joined:
    Dec 2, 2009
    Last I checked most if not all cell phones = made in china. So niche security widget being compromised, not really a big concern. That ship has long sailed.

    And as has already been stated, getting something 100% made in America, won't be any more secure for us either, just a different set of state actors involved.
     
  19. KazeoHin

    KazeoHin [H]ardness Supreme

    Messages:
    7,822
    Joined:
    Sep 7, 2011
    Isn't that just capitalism?
     
  20. Deathroned

    Deathroned Gawd

    Messages:
    555
    Joined:
    Mar 6, 2015
    something something American Exceptionalism only CIA, NSA, FBI and Mossad are allowed to hack, clone and track, if it doesn't Benefit Americas Master's it must be defamed and stopped.
     
  21. katanaD

    katanaD [H]ard|Gawd

    Messages:
    1,987
    Joined:
    Nov 15, 2016

    its still very much googles motto of dont be evil.. its just that that motto was always directed at the SHAREHOLDERS.. not the customers..

    LOL
     
    Chupachup likes this.
  22. Evil_SPanKY

    Evil_SPanKY Limp Gawd

    Messages:
    318
    Joined:
    Sep 15, 2006
    LOL, well played Sir, well played!