CyberCX issues warning on household Chinese internet connected devices
Melbourne, Australia – Monday 20th January
CyberCX, Australia and New Zealand’s leading cyber security provider, has issued a warning about poor security standards and surveillance risks in Chinese-made internet-connected devices and called for enhanced consumer protections following an investigation into a compromised connected doorbell in an Australian household.
The investigation by CyberCX’s Digital Forensics and Incident Response (DFIR) team determined that a Chinese-made Dahua connected doorbell in an Australian household was compromised by an attacker. CyberCX found evidence the device became associated with a botnet – a fleet of infected devices controlled by an attacker – enabling the attacker to potentially access other devices connected to the home Wi-Fi, such as computers, TVs and home security systems.
In this case, the attacker was effectively able to gain a constant surveillance feed of the family’s front door and driveway, while locking the family out of the smart doorbell device. The compromise of the Dahua device, which is widely available in Australia, was only detected when a household member connected a work computer to their home Wi-Fi, triggering an alert within their employer’s cyber security systems (CyberCX has chosen not to name the employer).
CyberCX’s warning on Chinese-made internet-connected devices comes as authorities in the United States consider a ban on Chinese-made TP-Link routers – also widely available in Australia – on national security grounds due to suspected links to cyber attacks. Last year, the Biden administration effectively banned Chinese-made software and hardware from cars driven in the United States over data collection concerns and other national security risks.
CyberCX’s Chief Strategy Officer Alastair MacGibbon said: “Chinese internet connected devices are manufactured and sold at the lowest possible cost and with negligible security measures, leaving many wide open for exploitation by criminals. We are effectively sleepwalking into a world where demonstrably unsafe Chinese products are flooding the Australian market.
“Internet-connected devices are not secure when they come out of the box, and while these risks can apply to all connected devices in the home, they are particularly pronounced for Chinese-made tech which requires a constant, ongoing connection to Chinese manufacturers to operate, leaving them at the whim of Chinese government security agency direction and surveillance. While these cheap, imported devices are attractive to cost-conscious consumers battling the rising costs of living, consumers need to understand they are effectively bringing foreign surveillance tools into their homes.
“While it’s encouraging to see that the government has introduced new security requirements for internet connected smart devices as part of last year’s cyber security reforms, it remains to be seen how these reforms will protect Australian households from the influx of cheap connected devices available on Chinese e-commerce platforms like Temu and Shein.”
CyberCX’s investigation exposes a growing nexus between the home and the workplace, with compromised personal ‘smart’ connected devices in the home becoming an initial access entry point for criminals or state sponsored actors to infiltrate corporate networks.
ENDS
About CyberCX
CyberCX is the leading provider of end-to-end cyber security and cloud services. With a workforce of 1,400 cyber security professionals, CyberCX is a trusted partner to private and public sector organisations, helping customers confidently manage cyber risk, respond to incidents, and build resilience in an increasingly complex and challenging threat environment.