Global Competition Less Security for The Consumer- Be Aware

by Parent Co. November 01, 2016

Womb of a pregnant lady

Chinese factories are churning out hackable hardware, and no one is doing a thing to stop them. In the aftermath of the attack, one company in particular has been implicated: Hangzhou Xiongmai Technologies. According to security researchers, the Chinese company built hardware and software for internet-connected security cameras that was insecure. Then hackers deployed a malicious strain of malware known as Mirai into the devices, and used them to direct huge amounts of internet traffic to Dyn, a Domain Name System (DNS) provider that often serves as a virtual “first stop” for computers connecting to sites on the internet.
Popular websites including Twitter, Spotify, Netflix, and PayPal were knocked out by the Distributed Denial of Service (DDoS) attack...

As manufacturing supply chains have grown more fragmented globally, and electronics products have become commodities, security and safety standards haven’t caught up...

What is Xiongmai Technologies?

Analysts say Hangzhou Xiongmai Technologies is one of the industry leaders in making and selling IP (Internet Protocol) camera modules. Still, there’s scant public information about the company...

The current CEO is also head of Hangzhou Jufeng Technologies, which also specializes in smart cameras. Jufeng also owns a a stake in Hangzhou Trade, and Chen Jinsheng is listed as a “supervisor.” All five companies are registered to the same address.

In what now seems like foreshadowing, the company attracted controversy earlier this year when Chen Jinsheng proudly touted in a public speech (link in Chinese) the company’s relentless pursuit of cost-cutting in order to drive sales of low-end products...

... a 15-year cybersecurity industry veteran, on WeChat this June. He said that cost-cutting companies were “blood-sucking insects” killing China’s security industry, by driving prices down so low that it threatened to destroy it entirely...

While many internet-of-things (IoT) companies fail to secure their products properly, Xiongmai’s approach is particularly egregious, said Brian Karas, who follows the video surveillance industry at research firm IVPM. “In the current age of IoT devices, this is not just leaving your front door unlocked, it is like leaving it open for anyone to walk through,” he told Quartz.

These mostly Chinese manufacturers face fierce competition from their peers, each gunning to sell modules to the myriad of security camera companies—which now include legacy hardware firms like Honeywell, budding startups like Nest, and a plethora of unknown brands. Even among consumer-facing brands, the industry is heavily fragmented...

Consumers, meanwhile, don’t buy cameras because they’re secure, they buy them for special features like waterproofing, sharp image resolution, or a Minion-shaped casing...

Consumers also bear some responsibility for enabling the Mirai attacks. Research showspeople repeatedly resist picking strong passwords for their devices. Rather than taking 10 seconds to choose a strong one with dollar signs and a mixture of uppercase and lowercase letters, they lazily resort to guessable ones like “password” and “123456.”

...security of IoT devices will be more challenging, as there are no US government regulators or independent agencies directly responsible for it. The CPSC told Quartz it cannot issue recalls of Xiongmai or other vulnerable cameras because the malfunction “seems to be related to an invasion of privacy,” and that’s not what it regulates. The CSPC will only intervene “when there is a risk of physical harm to consumers because of a defect with the product.” The US’s main consumer regulator doesn’t look at privacy.

For most consumers, the DDoS attack on Dyn marked a minor inconvenience—Spotify or Twitter remained inaccessible for a few hours, but no greater harm was caused. But the same tactics used to slow internet access across the US could also be used to steal someone’s credit card information or email login credentials, spy on their home, or much worse in the near future.

Source: A collision of Chinese manufacturing, globalization, and consumer ignorance could ruin the internet



Parent Co.

Author



Also in Conversations

Seven Ways to Help Your Child Find Genuine Joy During Times of Uncertainty
Seven Ways to Help Your Child Find Genuine Joy During Times of Uncertainty

by Parent Co. December 06, 2020

When times of uncertainty hit, it can throw you and your family’s life off-balance. For example, life amid the current pandemic isn’t easy.

Continue Reading

Children jumping on a sofa
Which Type of Exercise Best Improves Kids' Moods, According to Study

by Parent Co. January 12, 2020

Parents often feel overwhelmed by trying to schedule in exercise because of time constraints and child willingness. A new study can help with the guesswork.

Continue Reading

Boy sitting on a shoulder by holding US flag
It's Time to Reverse the Bucket List

by Parent Co. December 15, 2019

Let's dump out all the accomplishments of the previous year into one long pat-me-on-the-back list to appreciate.

Continue Reading