Electronics made in China are often less expensive than products sold by western companies such as Cisco and Juniper. But there may be a cost associated with that price.
The Chinese security firm Boyusec is working with the Chinese Ministry of State Security intelligence service in conducting cyber espionage, according to the Pentagon. This would not be a surprise except that they are also working with the Chinese network equipment manufacturer Huawei that the Pentagon banned from DoD purchasing a few years ago.
While Huawei denies this, the Pentagon says that Huawei/Boyusec is putting back doors in Huawei networking gear so that the Chinese can spy on purchasers of Huawei equipment. In addition to spying on customer’s phone and network traffic, using these backdoors also allow the Chinese to take control of these devices – likely to subtly reprogram them to allow them even more effective spying.
This follows a report earlier this month that software was found on more than 700 million phones, cars and other smart devices that was manufactured by Shanghai Adups and used by Huawei, among others. The software phoned home every three days and reported on the users calls, texts and other data. Another Chinese technology manufacturer, ZTE, also uses the software.
The moral of the story is that you should consider the reputation of the vendor that you are considering prior to making your purchase decision.
Sometimes that vendor is hard to detect. If you buy a piece of electronic gear – such as those security web cams that took out Amazon and hundreds of other companies last month – had software and internal parts that were made by a vendor that didn’t care about security, but that company was not the name on the outside of the cameras – sold by many different companies.
Unfortunately, those vendors are price sensitive, so if they can find software for a few cents per device sold, they may decide to use it and not ask any questions about security. After all, there is no liability in the United States if a company sells a product with poor or even no security. That is up to the customer to figure out. 99% of the customers have no idea how to figure out whether a web cam or baby monitor is secure. Unfortunately, what is needed is for companies to be held accountable for the security of these products. This doesn’t mean that they should be clobbered for every bug found, but if they are ignoring reasonable commercial security practices, well, then, that might be a different story. My two cents, for what it is worth.
Information for this post came from the FreeBeacon.