Internet-of-Things is one of our most favorite, if not the most favorite topic to discuss here. We wrote countless articles since 2017, about the inherent increase of acceptance of IoT devices, the security risks they add to the homes and offices, and the real cost of its operations overall. However, we have not tackled the biggest elephant in the room when it comes to IoT devices until now. The issue of suppliers, where are the IoT devices are manufactured, assembled and shipped from?
Yes, it is from China, we all know the answer but we usually do not give it more thought being consumers of these devices. As consumers we are attracted by price in comparison for the product’s feature set. China made itself the capital of technology-supplies in the world, including parts and labor. Even stuff as simple as screws that fasten the gut of the device to its case are made in China, more than any other supplier locations in the world combined.
Of course, we do not say that Chinese products, parts and labor are generally low-quality, far from it. U.S., Australian, and European manufacturers (western manufacturers) often outsource labor, production-assembly to well known reliable Chinese manufacturing companies such as Foxconn. Generally speaking, legitimate electronics giants in China produce reliable, dependable products with IoT security a priority, it also accompanied with lower cost of labor. However, even in a communist regime, fly-by-night and companies with questionable track record operate regularly.
Two Chinese brands Dahua and Hikvision in particular are trying to penetrate the Australian electronics market, especially in the sector of IoT and online cameras. “Chinese firms have a long history of embedding backdoors in their equipment. And it’s not happening by accident – in 2013, we found purpose-built backdoors in Huawei equipment. In 2017, we saw the same embedding technique in Dahua security cameras, which the US Congress then banned in 2018,” explained Terry Dunlap, ReFirm Labs’ co-founder.
The Australian Department of Home Affairs, Government Solicitor’s office, Office of National Assessments and Attorney-General’s are known to use Chinese-manufactured cameras for their surveillance systems. The Australian Department of Defense stopped the same practice after realizing the huge risks the Chinese-cameras can impose upon the national security of the land down under.
“All telecom gear coming from China that is placed into critical infrastructure, for example, needs to undergo a thorough security vetting from top layer applications all the way down to the firmware level where we see backdoor implants. Companies need to think twice about purchasing Chinese-made equipment if they don’t have vetting and monitoring capabilities in place to detect such backdoors,” added Dunlap.
Aside from the risks involved, the Chinese-branded cameras and other IoT products have a very flexible purchase offers for just about anyone. They use aggressive pricing in order for their products to come as cheaper than any competitor in the market does not guarantee IoT security. But of course, the decision still belongs to the individual and the corporate decision-maker if they wish to install a Hikvision or Dahua branded IoT products. The savings in a short-term may be beneficial, especially if the company is an SME (Small and Medium Enterprise). We at here strongly suggest not only to vote with your wallet, but also purchasing products with full consultation with your IT department head or with the CISO (Corporate Information Security Officer).
Fundamentals Of Security Precautions For IoT Devices