This is a list of hardware manufacturers that I personally wish to avoid purchasing equipment from and why. It is meant to be a personal reminder to myself.
I pay a lot of attention to the principles behind and the attitude from the companies. If a company thinks it's ok to put in a backdoor, they clearly show a deep disrespect and contempt for their customers, and that is something that is not fixed by just saying sorry. Something like that runs deep in an organization and takes years to amend (if possible).
November 2015 (rogue root CA)
Dell obviously didn't learn anything from Lenovo's craptastic move with SuperFish. They decided that it is a perfectly good idea to ship a rogue root-level CA, including the private key. There's a page to check if you are affected.
May 2017 (remote exploit)
A very serious issue in their integrated management allows for remote exploitation even on powered down systems.
August 2015 (crapware/malware)
- CAUGHT: Lenovo crams unremovable crapware into Windows laptops – by hiding it in the BIOS
- Lenovo used Windows anti-theft feature to install persistent crapware
February 2015 (SuperFish)
Found to be pre-installing adware using MITM techniques to circumvent SSL/TLS security to inject ads and collect data.
- Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections
- Lenovo installs adware on customer laptops and compromises ALL SSL.
- Extracting the SuperFish certificate
July 2013 (hw backdoor)
Blacklisted by several actors due to concerns about backdoors.
December 2015 (lightbulb DRM)
Locking customers out of third-party light bulbs with a firmware update and not adhering to the open Zigbee standard.
Their OEM software is deliberately disabling Windows Update.
2005 - 2007 (rootkit)
Rootkit installed from CDs.