Is there any evidence that Macbook Pros purchased in China aren't safe?
November 6, 2022 1:17 AM

Yes, yes, it's a paranoid question but...still, I ask it, just to assuage my anxious mind. FWIW, iPhones sold in China cannot see the Taiwanese flag emoji, so there is precedent for government policy influencing China-specific firmware.

I need to buy a new computer. Before covid-zero, going to HK to buy would have been a no-brainer...though honestly, these days the difference in prices is pretty minimal (for the MBP I want, it's about ~200USD, which is totally fine for the headache it will save me otherwise). That said, there is always a spooky factor when buying this sort of thing here...especially because the Taiwanese flag emoji thing is extremely petty and extremely real.

That said, I have done a lot of searching and have found nothing. I'm pretty sure if there was something it would be gigantic news, I imagine there are lots of security researchers who'd love to get extremely famous on this overnight etc etc, but I thought I'd just sanity check.
posted by wooh to Computers & Internet (10 answers total)
 
Response by poster: Whoops, the title of the question should have been "is there any evidence that Macbook Pros purchased in China aren't safe"

I imagine I'll get similar answers either way, but a rather different implied burden of proof!
posted by wooh at 2:20 AM on November 6, 2022


"FWIW, iPhones sold in China cannot see the Taiwanese flag emoji, so there is precedent for government policy influencing China-specific firmware."
As far as I’m aware, iPhones with the region set to China do not see the flag of Taiwan emoji. If you take your iPhone bought outside of China and set its region to China, the flag will disappear for you too. It’s functionality within iOS rather than anything different about the iPhone itself (I do not know if there are any hardware or firmware differences between iPhones sold inside China and iPhones sold outside of China).
posted by kyten at 3:28 AM on November 6, 2022 [1 favorite]


Response by poster: kyten, I have an iPhone bought in China in front of me right now. "Region" under Settings -> General -> Language & Region is set to "United States" and it does not show the Taiwanese flag emoji. Not sure if it feeds off of some other settings or something, though. I would be very curious to know if there were some way to get the flag back, as it would definitely make me feel better about the scope of the firmware trickery being deployed on Apple products in China if it's all the same, there's just some China specific flag or something.
posted by wooh at 3:53 AM on November 6, 2022


I don't think this is a firmware thing. This post is one of many that talks about hiding the Taiwanese flag. This post claims that it's done by location rather than region setting for the phone.

It's probably a combo of region setting and device location. I wouldn't be surprised if U.S. travelers "lose" the Taiwan emoji when traveling in China and regain it when home.

I'm not aware of any evidence that Apple hardware sold in China is unsafe or tampered with to insert any special firmware/backdoors, etc.

Even if the hardware is uncompromised, though, you have no guarantee that its services are safe from prying eyes.
posted by jzb at 6:43 AM on November 6, 2022


I would not buy a Macintosh or other similar device in China for a $200 savings.

I can't find links with references, but in the past I have read that business travelers from the US going to China are advised to leave their smart phones at home and bring a burner device across the border. This may have been specific to Apple employees traveling to China.

Much of the risk in that scenario relates to the specific people carrying the devices, and the data they might have installed on it. But the bottom line was that if your device is ever out of your sight while in China, you can no longer rely on it being secure. This can easily happen at the border.

The decision will come down to your particular profile and how much $200 is worth to you. But as I said, I don't see that tradeoff being worthwhile.
posted by Winnie the Proust at 8:28 AM on November 6, 2022 [2 favorites]


Business travelers that go to China are routinely advised to bring burner hardware that has the bare minimum of what they need on it and to dispose of the hardware once they come back, or if they keep it to not let it connect to any private or corporate network. And this is for stuff they bring with them, which theoretically would be harder to modify. Hardware obtained directly there would be met with a flat no, I assume.

Granted, a big part of this advice is to protect businesses from trade secret theft, and is more about what we know and/or assume their capabilities are than necessarily what is actual practice and if they are picky about who they target if so. Still, if it's sophisticated enough of a firmware attack, you won't be able to tell your device is compromised and will have a difficult-to-impossible time getting it into a known good state, and that's the real risk; you just won't know without a thorough forensic investigation of the hardware that would easily wipe out any cost savings from buying the device in the first place.
posted by Aleyn at 11:41 AM on November 6, 2022 [1 favorite]


Response by poster: Because I think it was unclear in the original: the MBP is 200USD more in China. The problem is that because of covid zero, getting an MBP from outside of China will be extremely difficult at the moment, and I'd really like one by December 1st for some work I need to do. I can put it off if I come up with another route but I'm not sure what options there are beyond trying to find someone I trust traveling into China "soon".
posted by wooh at 5:06 PM on November 6, 2022


To be clear, I don't think there's much risk of it being a problem, but the risk isn't zero either. If you are worried about being targeted by the Chinese government for espionage, or are doing sensitive, confidential work that the government or a Chinese-owned corp would be interested in, then I wouldn't take even that small risk. If you don't fall under that category then you'll have to decide if a low-but-not-zero risk is worth it to you.

As you said, there really isn't a smoking gun pointing to any specific incident with Apple hardware (there's an alleged supply chain hack against Supermicro that was widely reported but disputed by the companies involved), so it's mostly an abundance of caution thing. MBPs could have a Chinese-specific firmware that makes the system behave differently, but I haven't seen anything about that being the case either. It's generally difficult to hide network traffic entirely, and that would be the smoking gun that would most likely tip off a security researcher.
posted by Aleyn at 11:32 PM on November 6, 2022


Can you buy a cheap laptop to use in the interim, use it until you can get a known good MacBook, and then donate the Cheapie to a charity?
posted by Geckwoistmeinauto at 2:30 AM on November 7, 2022


"I'm not aware of any evidence that Apple hardware sold in China is unsafe or tampered with to insert any special firmware/backdoors, etc."

According to these news reports Apple hardware sold in China is different from Apple hardware sold in other locations.

That is not what I believed to be the case, but it's good to know.
posted by Winnie the Proust at 10:51 AM on November 30, 2022

