Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: NVDave
Indeed. Indeed. Agreed! Agreed!

Fraud is rampant. All of this is due to greedy SOBs trying to make a Yuan.

But they're not just screwing the roundeye. They're screwing Samsung, Toshiba and Siemens too.

Certainly the PLA is poking around at the periphery too.

But they won't try to insert espionage into parts that are mislabeled!

In fact, they would LOVE for Levin and Mcpain to "win" and think that they've closed the entry vector, so they can funnel whatever without suspicion through a Singapore contingent.

150 posted on 05/23/2012 9:13:36 AM PDT by sam_paine (X .................................)
[ Post Reply | Private Reply | To 147 | View Replies ]


To: sam_paine

I can assure you the PLA is not on the periphery of this issue.

It’s not like this is unknown. The subject has been publicly discussed since at least 2005.

You should at least read up before claiming the threat of counterfeit chips is simply an IP or revenue issue.

http://www.popularmechanics.com/technology/gadgets/news/4253628

“Such tampering wouldn’t have to occur in a factory where computer components were built. In fact, repair businesses and subcontractors may pose a greater danger. ‘A skilled and capable adversary could replace a chip on a circuit board with a very similar one,’ says John Pironti, a security expert for information technology consulting firm Getronics. ‘But this chip would have malicious instructions added to the programming.’ The strategy wouldn’t be practical for running a broad identity-theft operation, but it might allow spies to focus an attack on a valuable corporate or government target—gaining access to equipment, then doctoring it with hidden functions.”

http://defensetech.org/2012/03/29/richard-clarke-all-u-s-electronics-from-china-could-be-infected/

http://www.businessweek.com/magazine/content/08_41/b4103034193886.htm?chan=magazine+channel_top+stories


154 posted on 05/23/2012 11:37:37 AM PDT by Justa
[ Post Reply | Private Reply | To 150 | View Replies ]

To: sam_paine

Indeed, the SIA and international organs are drawing up protocols for verifying sources of components, because this counterfeiting is a big issue for no less than:

1. The US
2. Japan
3. S. Korea
4. Germany
5. Malaysia
6. Taiwan

and on and on and on. There’s lots of money being lost by legit vendors as a result of this grey-market crap out of the PRC. I won’t even get into the even more formidable “counterfeit bolt and steel” issue that is out there.

The one chipset(s) where I could see insertion of rogue logic are ethernet interfaces. They’re now a commodity and usually no one even thinks about whether or not they’re correct, much less genuine any more. When I was at Cisco, we had quite a little “scandal” with ethernet (back then 10/100, i.e., pre-gig) chipsets that didn’t implement collision back-off correctly and some chipsets would silently drop the frame or jam the wire inside the timing windows. No one else was aware of it, not even the vendors, until Xerox PARC debugged the problem on our boxes with an oscilloscope. PARC came to us and said “Look, we have conclusive evidence that these chipsets on these particular ethernet interfaces on these routers implement the spec incorrectly on collision back-off. What do you think?”

Well, what we thought after duplicating the problem(s) was to contact the chip vendors. Much stony silence ensued, until we made legal noises. Then there were some fixes... but still, we had a lot of product out there with defective chips. On lightly loaded networks, no one really noticed... but on a loaded network, oh yeah, you’d see the network’s total bandwidth collapse in some situations as a result.

So could someone put a frame sniffer into an ethernet chipset? Sure. Would it be noticed before triggered? Probably not. The industry doesn’t even notice when chipsets don’t meet published specs as it is now. At least some military applications of discrete and analog components require testing in adverse environments where failures will be seen. The PCs, laptops and routers that the DOD is buying? Feh.

And let’s not even worry about a sniffer logic package. Just insert logic that makes the interface go deaf on receipt of a “magic packet payload pattern” and spew out to a wire or multicast group broadcast address a similar packet, so all other nodes on that ethernet go deaf as well. It wouldn’t take up much in the way of gates. Get some government idiot to surf to a porn site, the response contains the magic byte pattern, the surfer’s computer goes deaf and then takes down everyone else on his switched or bridged network.

The only company I know of who really takes security seriously is IBM. They’re more serious than the DOD or government about security. E.g., they ban Siri use on their networks or inside their plants... because they don’t know for how long or where Apple is storing the voice recordings of input to Siri. Back in the 80’s, IBM was more serious about their own security than the DOD was about US security. IBM knew that DES was compromised from the get-go... and the NSA talked them into keeping the differential crypto vulnerability quiet for years...


155 posted on 05/23/2012 12:32:58 PM PDT by NVDave
[ Post Reply | Private Reply | To 150 | View Replies ]
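
Post 155 describes Ethernet chipsets whose collision back-off did not follow the published spec and went unnoticed until someone measured it. The sketch below is an added example, not part of the thread or of any vendor's test suite: it checks measured back-off delays against the IEEE 802.3 truncated binary exponential back-off rule. The sample format is hypothetical, and the delays are assumed to be measured net of the jam signal and interframe gap.

```python
from collections import defaultdict

SLOT_BIT_TIMES = 512   # IEEE 802.3 slot time for 10/100 Mb/s, in bit times
BACKOFF_LIMIT = 10     # range stops doubling after the 10th collision
ATTEMPT_LIMIT = 16     # frame is dropped once the 16th attempt collides


def max_backoff_slots(n):
    """Largest legal wait, in slot times, after the n-th collision."""
    return (1 << min(n, BACKOFF_LIMIT)) - 1


def check_backoff(samples, bit_rate_bps, tol_us=0.5, min_samples=20):
    """Check (collision_count, delay_us) pairs; return a list of findings."""
    slot_us = SLOT_BIT_TIMES / bit_rate_bps * 1e6
    findings, by_n = [], defaultdict(list)
    for i, (n, delay_us) in enumerate(samples):
        if not 1 <= n < ATTEMPT_LIMIT:
            findings.append(f"sample {i}: retransmit after collision {n}")
            continue
        slots = round(delay_us / slot_us)
        if abs(delay_us - slots * slot_us) > tol_us:
            findings.append(f"sample {i}: {delay_us} us is not a whole slot count")
        elif slots > max_backoff_slots(n):
            findings.append(f"sample {i}: {slots} slots > {max_backoff_slots(n)}")
        by_n[n].append(slots)
    # Per-sample bounds miss a part that never randomises: a conforming chip
    # repeating one value min_samples times has probability <= 2**-(min_samples-1).
    for n, vals in sorted(by_n.items()):
        if len(vals) >= min_samples and len(set(vals)) == 1:
            findings.append(f"collision {n}: always {vals[0]} slots, no randomisation")
    return findings


# Constructed measurements for a 10 Mb/s interface (slot time 51.2 us).
GOOD = [(1, 0.0), (1, 51.2), (2, 153.6), (3, 358.4)]
BAD = [(1, 102.4), (2, 30.0), (16, 51.2)] + [(3, 0.0)] * 20

if __name__ == "__main__":
    for line in check_backoff(BAD, 10_000_000):
        print(line)
```
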



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson