Now Chinese-made drones rubbing US govt up the Huawei: 'Strong concerns' DJI kit threat to national security A US government agency has claimed drones pose a threat to national security in an echo of its wider campaign against all things Chinese. According to the Department of Homeland Security (DHS), drones from China (therefore meaning DJI, the world's biggest manufacturer of the kit) "contain components that can compromise your …
"The United States government has strong concerns about any technology product that takes American data into the territory of an authoritarian state that permits its intelligence services to have unfettered access to that data or otherwise abuses that access," the memo continued.
I agree and elaborate upon that theme in my long post below. Expect every Chinese company to bow down to the wishes of its totalitarian government. And yet it is unrealistic to expect reliable security from any other source thanks to the basic trend across the world of security technology incompetence.
"The United States government has strong concerns about any technology product that takes American data into the territory of an authoritarian state that permits its intelligence services to have unfettered access to that data or otherwise abuses that access,"
The rest of us have strong concerns about any technology that takes our data into the territory of the United States government that permits its intelligence services to have unfettered access to that data or otherwise abuses that access.
Here is the thing.. all of these damned "internet of things" companies ... of all countries... want to take your data and offer it back to you "on demand" through their servers. So you want internet access to you home video? You need a Google/facebook/Huawei/Mi/younameit account. They ALL hobble their products unless you give them access. Could any of these companies offer RTSP service on their cameras so that you could stream to YOUR OWN server and keep your data private? SURE! DO ANY of these companies allow this? HELL NO. They want your data, and to charge you to make it available to YOU on demand. What a F'n Racket.
"So you want internet access to you home video? You need a Google/facebook/Huawei/Mi/younameit account."
Or you could go to your local electronics store, purchase a few cameras, an off the shelf security video server and something of the nature of a Raspberry Pi and set up a VPN to allow you remote access to your own standalone system - no accounts needed.
Your statement might be valid on a consumer forum, but I'd like to think that here we can come up with a few more options.
Your statement might be valid on a consumer forum, but I'd like to think that here we can come up with a few more options
Happy to have your help: I have a Motorola 73 motorised camera. it's impossible to use unless the communications go through their servers. I've picked apart the mobile app, i spent days on it alone. I also spent 3 days delving into the device itself. the best you can get is a mere 240p constant stream of jpg images, very, very slowly.
So.. help me out. how do i untether it and make it my OWN controllable camera?
"how do i untether it and make it my OWN controllable camera?"
I think the best solution is to not use that camera, and put together one that isn't locked into an ecosystem.
But, barring that, you'll need to do a little reverse-engineering. Identify the motor driver control lines, the video signal line, etc. Cut the traces that go to the microcontroller, and then install your own microcontroller that runs the thing instead.
"So.. help me out. how do i untether it and make it my OWN controllable camera?"
The obvious solution, and the one that I had in mind, was not buying a camera that was tethered to a cloud server in the first place - my local electronics store has a number of such devices available off the shelf - they even sell complete systems with cameras and server that you can install at home and configure however you want.
As with many technical things, research before purchase, not purchase before research.
For a start, here is one link to setting up the necessary VPN server at your home - as a side advantage, once you've got this set up and working you will have secure* access to all your home network, including any NAS, printers, etc. I also use it when connected to public WiFi as I am confident that my fibre connection at home is less easy to hack than some random WiFi access point with the password prominently displayed.
https://pimylifeup.com/raspberry-pi-vpn-server/
If you enter "set up vpn server on rasp pi" into DuckDuckGo (or Google, if you must) you will get a number of links that will guide you through doing this, some may suit your needs better than others.
I personally have found DuckDNS to be a reliable way of dealing with having a dynamic IP address on my home internet connection, but I've no doubt there are other such services for a similar price ie., free. I've set my system up to ping DuckDNS every 5 minutes, so I'm never more than 5 minutes away from being able to access my VPN should the IP change.
*secure against the casual hacker, not necessarily secure against determined law enforcement, criminals or government level spooks.
Lately, they are having trouble to make it work:
https://www.thenational.ae/world/the-americas/us-suspects-syria-in-new-chemical-attack-and-threatens-reprisal-1.864615
"US suspects Syria in new chemical attack and threatens reprisal"
They keep airing the same episode, over and over. Apparently, somebody's in dire need of new writers. ;-)
"...they really need to start offering some sort of actual evidence for their accusations."
Perhaps my research skills are unusual. But I collect evidence of China's hacking crimes against the world every day by simply watching for it across the Internet. I keep stacks of PDF saved documentation of China's hacking and robbery of IP in a folder marked "China- Criminal Nation." The flow of relevant articles into that folder never stops. It's my documentation of the behavior of a totalitarian, 'communist' nation. Anyone can see exactly the same documentation on the Internet if they care to bother. As such, it's impossible to believe that any Chinese company would NOT bow down to the surveillance demands of its government. I have to point to comments such as yours and call them:
Profoundly naive.
But as I elaborate in my long comment below, Chinese surveillance of the world is not the only issue. The larger issue is technology security incompetence across the entire world, including such US companies as Cisco and Intel and Ring, ad nauseam.
"I collect evidence of China's hacking crimes against the world every day by simply watching for it across the Internet."
Sure, but that isn't evidence that the devices in question are compromised, and if their hacking crimes mean that none of their equipment can be trusted, then no equipment from any nation can be trusted.
"It's my documentation of the behavior of a totalitarian, 'communist' nation."
Sure. But again, that's not evidence about the equipment in question.
"As such, it's impossible to believe that any Chinese company would NOT bow down to the surveillance demands of its government. "
Agreed. But yet again, this is true for every nation.
Your points are valid as far as they go, but in total, if that's the evidence then the US (and every other nation) should not be buying any equipment or chips made in any nation that isn't theirs.
Singling China out on this stuff, barring actual evidence that the equipment is compromised, really only makes sense in the context of war -- the trade war and/or preparation for a shooting war.
Except that it has been proven the stuff made in 'Merika can be loaded with NSA spyware added en-route to customers outside the USA.
So, you have a choice, pay a lot of money to be spied on by the USA or pay less money to be allegedly spied on by the Chinese...
Hmm, tough decision. But as it is my money, I'll probably go with the cheaper option.
So, you have a choice, pay a lot of money to be spied on by the USA or pay less money to be allegedly spied on by the Chinese...
I consider buying Chinese kit for home use a public service. It's generally cheaper and as reliable (YMMV) and IF the Chinese really are spying on the west through networking gear, I very much doubt they are particularly bothered by my shopping lists, home renovation plans or cake recipes. Therefore I am adding to the background noise they have to sift through to find anything useful.
The USA is going about this all wrong. If they truly believe the Chinese are using consumer grade hardware to spy on the west, they should be encouraging uptake of it to increase the amount of nonsense the Chinese have to deal with. Really, it's everyone's patriotic duty!
" Therefore I am adding to the background noise they have to sift through to find anything useful."
There used to be a small number of people who would add meaningless drivel at the bottom of every email just to give certain spy agencies something to look at. Most of them stopped when it became clear that those agencies sometimes had trouble separating complete b0770cks from real spy chatter, and such a misunderstanding could result in either a lifelong ban on travelling to The House Of Mouse or, even less fun, a one-way trip to an extended vacation on a sub-tropical island that may or may not really exist...
Of course, being on a science-fiction mailing list and discussing things like high-energy plasma weapons and orbital mechanics can also carry a degree of, ah, "excitement"...
"Most of them stopped when it became clear that those agencies sometimes had trouble separating complete b0770cks from real spy chatter,"
That's not why people largely stopped spookfooding. Everyone doing it was hoping that those agencies would have trouble separating spook food from the real thing -- that was the whole point. People stopped doing it because most people became aware that it was ineffective.
the US is becoming a laughing stock in line with Russia, which has, for the last several years, shamelessly used its various "food standards" agencies, to put pressure on countries and to punish them for not acting in line with Russian visions. The Russians regularly see a middle finger by those countries in response, but will the world stick the middle finger to the Empire? Obviously, China will encourage such challenging behaviour, but in the long term, isn't it better to be fucked by an old master (and think of England), rather than invite a new one with pretty disturbing tastes...
The Defense Department banned DJI drones from use or purchase a YEAR ago. Military personnel are forbidden from purchasing them, or using them on any military property. Like Huawei, it's a camel's nose in the tent, collecting intel and surveillance here at home for the PRC intel agencies.
Like Huawei, it's a camel's nose in the tent, collecting intel and surveillance here at home for the PRC intel agencies.
I never stop to marvel how we always tend to interpret other people's actions in terms of our own intent, so very rarely even trying to figure out theirs. It's a human thing to do, but as the sole basis for state policy it seems to lack certain finesse.
The United States government has strong concerns about any technology product that is sufficiently competitive with or is demonstrably ahead of American technology and will do anything in its power to sabotage said product(s) and deny 'free' market access
And this doesn't make any sense.
China has had >50 years of reverse-engineering products and selling them in the open market at a fraction of the cost.
The biggest challenge for them, lately, is the software side. Particularly when softwares can hide "easter eggs".
World and business leaders are still too terrified to action any copy write infringements.
You can't close Pandora's Box once it's open.
Software may be dodgy. Product may be crap. However, at the end of the day, China will still continue to copy other people's product and ideas without any care in the world. Anything and everything is "fair game".
So after DJI and Huawei, who's next? Xiaomi? ZTE?
But they're not. Judging simply from China's hacking behavior over the past 20 years, since 1998, the year China was granted 'Most Favored Nation' status by the USA, there is no reason whatsoever to trust any company in China to be immune from their government's surveillance mandates. China surveils its own citizens with strict and invasive discipline. That's entirely accepted knowledge, especially inside China. China surveils and steals from nations and companies across the world. That's also entirely accepted knowledge. Ask any/every US government agency as well as any creative technology company in the country. The examples are plentiful. As such, there really, seriously, honestly is no reason to entrust Internet communication security to any Chinese company. Every Chinese company must comply with any and all demands of its government. That's what totalitarianism is all about. We can debate and divert and disagree all we like. But this is the state of affairs regarding China. It's showing no signs of changing.
And yes, every expression of the actual state of Chinese businesses is met on the Internet with a barrage of utter propagandist BS to the contrary. I suspect this post will suffer the same.
Meanwhile, there's the issue of incompetence. It's easy to point at Chinese technology company incompetence. Huawei has pulled some outrageous security blunders so far in 2019 alone. Simply from the perspective of requiring quality materials over cheaply made, slap dash crapware, Huawei is to be avoided. HOWEVER! I can point at Cisco Systems hardware and say EXACTLY the same thing! As such, requiring quality materials means Cisco is to be avoided! You'd think Chinese companies, building hardware and software from stolen intellectual property, would constantly stumble, fumble and bumble, seeing as they didn't invent any of it and therefore cannot entirely understand it. But the USA has plenty of entrepreneurial, inventive, creative companies who, from my perspective, stumble, fumble and bumble their hardware and software. Security is universally expected to be a failure at this point, no matter the source.
IOW: Avoiding Huawei 5G hardware is a brilliant strategy for the entire world! But whether it's deliberate or inadvertent, expect crap security from everyone else's 5G hardware as well. Not kidding. Let's make some popcorn and watch the show...
You know those locations that they are required to have mapped so that the drones won't go there? What happens if the drones all decide that those are the places that they ARE going to go?
There is a really weird disconnect for me on these forums. On the one hand, we instantly and vociferously decry security vulnerabilities of all kinds in general. On the other, there is this demand that the US ignore supply chain vulnerabilities when relating to a government that has maintained a constantly aggressive rhetoric towards it for at least three decades.
Again: expect any major government to enlist whatever corporations that are based in its jurisdiction in war. Expect any quasi-intelligent government to include a fairly broad definition of "war", and to prepare for eventualities.
I _expect_ the EU to take a dim view of dependence on US tech for its core infrastructure. It's not the US's fault if the EU still doesn't want to pay the cost of security.
"On the other, there is this demand that the US ignore supply chain vulnerabilities when relating to a government that has maintained a constantly aggressive rhetoric towards it for at least three decades."
I don't see that at all. I suspect that the vast majority here would agree that supply chain vulnerabilities need to be addressed. The point I see being made is simple -- why is all the concern directed at China when the risk comes from all nations?
Addressing China specifically doesn't do what's required to address supply chain vulnerabilities. The entire supply chain, regardless of the nation involved, has to be addressed. Since that's not what the US is doing, the only logical conclusion to reach is that this has nothing to do with security, and everything to do with engaging in an economic war with China.
If someone went on FB, and posted that they were going to drive by your house, and plant a WiFi snooper to steal your credit cards, what would you do?
China has an official policy of going after us in this regard. Taking them at their word and reacting appropriately is really basic.
The UK government is currently worried by the rapid expansion over the last two years of the chinese into the massage parlour industry in the UK
The number of parlours, and the number of chinese girls working in them is growing exponentially and is seen as a deliberate policy by the chinese underworld gangs. Besides the money earned from prostitution, the parlours are fronts for laundering the cash from more exotic crimes, and gives the chinese government a ready support network for the increasing number of spies embedded in British industry
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
