China’s alleged espionage capabilities are scaring many American tech giants who reportedly urged their Taiwanese suppliers to shift components production from mainland China and keep them safe.
According to a report by The Nikkei Asian Review, at least two Taiwanese companies Lite-On Technology, and Quanta Computer are shifting their production to Taiwan.
American tech companies suspect even inane components like power plugs will turn handy to Chinese spies to extract their sensitive data, the report said.
The report quotes Taiwanese executives of the firms who said their American clients wanted them to move out of China fearing risks of cyber espionage.
Lite-On is spending 10 billion Taiwan dollars ($323.52 million) for a new production base in southern Taiwan.
Sources in Lite-On also confirmed that the new facility will produce server power parts and take care of American concerns. The new facility is expected to open pilot production in June.
The client list of Lite-On includes Dell EMC, Hewlett-Packard, and IBM, while Quanta has Google and Facebook as big-ticket customers. Quanta Computer supplies servers and data centers.
Lite-On provides power components and power supply systems for many devices. They range from smartphones to data centers. The company’s power supply components and systems are used by many manufacturers like Wistron, Quanta, and Inventec for server assembly.
How does espionage work?
The concerns of U.S tech giants are not unfounded and they were endorsed by a cybersecurity expert.
According to Tien Chin-Wei, deputy director at the Taipei-based cybersecurity Technology Institute, it is reasonable for U.S. companies to harbor such concerns. Technically such hacking is doable and hackers can use power supply systems or power cords to extract data stored in servers.
Tien also warned that any interface between components, motherboards, and power supply systems can be a loophole for malicious implants.
Manipulation of the power supply system in servers
In the digital economy, servers are the heart serving as data warehouses where the power supply system functions differently from ordinary devices such as smartphones or notebooks.
This makes detection of spurious chips hard if implanted in the power supply during the production phase, according to cybersecurity experts.
“If the server is compromised and the implanted chip in the power supply system is activated, the power lines could serve as a covert channel to transmit data,” commented Philippe Lin, senior threat researcher at the cybersecurity company Trend Micro.
A 2018 report in the Bloomberg BusinessWeek alleged that the Chinese government hacked a manufacturing system related to data centers and planted tiny microchips to the equipment.
It said Amazon Web Services and Apple were using the data center. Later Amazon, Apple, and China refuted the report. Despite the denial, it alarmed all technology companies.