Skip to main content
  1. Home
  2. News

Yes, China is probably watching us through our IoT devices

By
Wyze Cam Pan Review
Terry Walsh/Digital Trends

Is your phone/laptop/home security camera spying on you for the Chinese government?

Well, probably.

Should you care?

Recommended Videos

Yes … but also, how much of a choice do we all have?

Internet of Things (IoT) device security — particularly in home security camera systems like Wyze, Aqara, and Ring — has been a hot topic lately. The devices have repeatedly been shown to be leaky and insecure at best, with no two-factor authentication or encryption present. This has allowed for a multitude of incidents wherein hackers have gained control of people’s digital lives and threatened them.

Ring Video Doorbell Pro
Image used with permission by copyright holder

Holistic approach lacking

But a wider problem still is the passive watching that might be happening. Many of the devices are assembled in China, using Chinese parts. Even if the companies are not explicitly Chinese, this presents a threat. So much so that the U.S. Department of Interior at the end of January instituted a ban on Chinese-made drones and drone parts over fears that the tech might be sending information back to the Chinese government.

“In general, IoT devices contain many third-party components and different communication stacks, which provide many ways for malicious parties to hack into them,” said Natali Tshuva, CEO and co-founder of Sternum, an Israeli cybersecurity company that works on secure connectivity for IoT devices, in an email to Digital Trends.

This is changing, somewhat, Tshuva said. Common vulnerabilities in IoT systems like Elasticsearch databases being left open for access without credentials are problematic, she said. This emphasizes the need for end-to-end encryption.

“Companies are taking steps to enhance the security of their devices, but they are lacking a holistic approach that covers all security aspects of their devices, leaving an opening for attackers to exploit them,” Tshuva wrote. “With billions of IoT devices coming to market now and over the next few years, it’s critical that each device is embedded with security.”

ATYCBY 3-19-2017
Osiris: IoT water pipe monitor Image used with permission by copyright holder

Price drives the bus

The problem, said Jimmy Jones, telecoms cybersecurity expert at Positive Technologies, is that these companies care most about being first to market, and this means cutting costs. “Everything is driven by price point. People don’t want to pay that extra dollar,” Jones told Digital Trends. “So they [the companies] end up using third-party software and third-party parts. The problem is, a lot of [the devices] do come from China.”

“It’s hard to tell what’s malicious and what’s just incompetent,” said Ron Gula, a former National Security Administration white hat hacker and current investor in cybersecurity startups. “Let’s say there are some companies that have perfect security on their devices, but they are still based in China,” he said. “All of that data they collect, the Chinese government can ask for access to it. Or it might even have implied access, and they don’t have to tell us about it.”

Who is China spying on then, if is indeedspying? “In a word, indirectly, probably everyone,” Jones said. “But it’s not necessarily cause for alarm; it’s a trust situation.”

So much of our lives are produced in China now. Where do we draw the line as to what products we’re willing to accept from there, Jones asked. “Is it a car? Is it a drone? Is it a light bulb? Is it a central heating system?” Jones said, pointing to two stories, one about a DDOS attack in Finland that shut down a city’s central heating system, another another about smart light bulbs leaking Wi-Fi credentials.

LIFX 2.0 update
Image used with permission by copyright holder

“We’ve seen it with Huawei,” Jones said, referring to the Chinese phone manufacturing giant that has been the target of much ire from the Trump administration. “These companies, or their holding companies, are all owned by the trade unions. The Chinese Communist Party is essentially the head of the trade unions, so reall,y everyone is just two steps away from being owned by the Chinese government.”

“There has to be a point where trust needs to take precedence,” Jones said. “Or, do we create a new superpower to manufacture our stuff, and then in 10 years we decide we don’t trust them either?”

Requiring everything to be made here in the U.S. isn’t really that feasible, said Gula. “Our iPhones are built in China,” he said. “Like most Cisco routers and most laptops.” And honestly, he said, that isn’t what matters here. The best antidote right now is just to educate the public.

“When your data’s in the Cloud, you hope it’s protected, but it’s honestly subject to the laws of wherever it’s hosted,” he said. And then there’s a question of where the data that’s transmitted through these devices is stored. “Data provenance, and where it’s stored, and who has access is a big deal.”

“I don’t want to see ‘Made in China’ stickers,” Gula said. “I wanted to see ‘Data Hosted in China’ stickers.”

Editors’ Recommendations

Topics
Maya Shwayder
Maya Shwayder
Former Digital Trends Contributor
I'm a multimedia journalist currently based in New England. I previously worked for DW News/Deutsche Welle as an anchor and…
Luke Grimes says Costner’s absence made this easiest season of Yellowstone to film
Luke Grimes leaning on a fence in Yellowstone.

The absence of Kevin Costner from the second half of Yellowstone's fifth season was one of the defining stories of the show's second half. While many fans may have missed Costner and his character, John Dutton, there was at least one member of the cast who thought Costner's absence made filming the show easier.

In an interview with Esquire, star Luke Grimes got candid about filming the final season. “Hopefully, everyone can see that it was time,” he told Esquire. “To be really honest, there was a part of Kevin being gone that meant some of the conflict was gone. Obviously, it didn’t make it super fun to be around. Not pointing any fingers, but it was actually the easiest season we’ve filmed.”

Read more
Nvidia may not budge on its VRAM choices
Logo on the RTX 4060 Ti graphics card.

According to new leaks about the RTX 50-series, Nvidia may still keep its most popular GPU starved for VRAM. Wccftech claims that the RTX 5060 will retain an 8GB memory configuration combined with a 128-bit bus. Does this mean that the RTX 5060 won't find its footing among some of the best graphics cards? Not necessarily.

The publication cites its own sources as it reveals some of the specs for Nvidia's more affordable GPUs, ranging from the RTX 5070 Ti to the RTX 5060. And while there are some changes, it does seem that, for the most part, Nvidia is satisfied with its approach to video memory -- which games like Indiana Jones and the Great Circle are constantly putting to the test. Newer AAA games will only push for higher memory capacities, which we may not find in Nvidia's most affordable GPU, but the rest of the stack is looking a little better. Let's go over the specs.

Read more
Nvidia’s RTX 5080 may be better than the RTX 5090 in one small way
The PNY RTX 4080 XLR8 installed in a PC.

The launch of Nvidia's next-gen best graphics cards is right around the corner, and we're getting new leaks about the specs almost every day. Today, Benchlife reveals that the RTX 5080 may be the only RTX 50-series GPU to receive 30Gbps memory modules from the get-go. This would give the RTX 5080 a slight advantage, but there's also some conflicting information about the memory configuration for this GPU.

All of Nvidia's next-gen graphics cards are said to use new GDDR7 memory, and yesterday's Zotac leak confirmed that the RTX 5090 will sport 32GB of GDDR7 VRAM. That's a massive upgrade over the previous generation, but the RTX 5080 won't enjoy the same improvements -- the GPU is said to retain both the 16GB memory and the 256-bit bus we've already seen in the RTX 4080 (and its Super version).

Read more