Archive for China

The Official Beijing Winter Olympics App Is Found To Be insecure By Citizen Lab

Posted in Commentary with tags , on January 18, 2022 by itnerd

In a report released by The University of Toronto’s Citizen Lab today, researchers analyzed the ‘My 2022’ Beijing Winter Olympics app and discovered the app is insecure when it comes to protecting the sensitive data of its users. The app’s encryption system carries a significant flaw that enables middle-men to access documents, audio and files in cleartext form. Researchers found that the ‘My 2022’ app, which is required for all athletes, members of the press and the audience to have installed, is subject to censorship based on keywords and has an unclear privacy policy that doesn’t determine who receives and processes sensitive data, thus violating Google and Apple’s App Store guidelines. 

Chris Olson, CEO at The Media Trust, an enterprise digital safety platform:    

“Poor app security is a leading cause of the rise in cyberattacks on mobile devices. While the security issues found in ‘My 2022’ are concerning, unfortunately they are not as unique as they appear. Not all mobile apps are susceptible to man-in-the-middle attacks, but most of them do contain undisclosed third parties who can access the same user data as the developer. Mobile users frequently assume that they are safe either because of app store policies, or because they have consented to terms of service – but third parties are not carefully checked by app reviewers, and they are rarely monitored for safety. They can be hijacked to execute phishing attacks, share sensitive data with fourth or fifth parties, suffer a data breach caused by lax security practices, or worse.”

I have to admit that if I were an athlete going to these Olympics and I read this, I may think twice about going. And it makes the move by the Dutch to have athletes keep their personal electronics at home look like a good decision.

Dutch Olympic Committee To Dutch Athletes: Don’t Take Your Phones And Laptops To The Winter Olympics In China

Posted in Commentary with tags , on January 12, 2022 by itnerd

Right now, China doesn’t exactly have the best public perception when it comes to being trustworthy. That’s on display via this Reuters article where Dutch Athletes are being told by the Dutch Olympic Committee to leave their phones and laptops at home when they go to the Winter Olympics that are being held in China:

Dutch athletes competing in next month’s Beijing Winter Olympics will need to leave their phones and laptops at home in an unprecedented move to avoid Chinese espionage, Dutch newspaper De Volkskrant reported on Tuesday. The urgent advice to athletes and supporting staff to not bring any personal devices to China was part of a set of measures proposed by the Dutch Olympic Committee (NOCNSF) to deal with any possible interference by Chinese state agents, the paper said citing sources close to the matter. NOCNSF spokesman Geert Slot said cybersecurity was part of the risk assessment made for the trip to China, but declined to comment on any specific measure. “The importance of cybersecurity of course has grown over the years”, Slot said. “But China has completely closed off its internet, which makes it a specific case.”

It will be interesting to see how China reacts to this. If they say nothing, you have to wonder why as that it implies that China is actually doing something. But if they react in an angry manner, then you might say exactly the same thing. And I can see a scenario where if other countries copy the Dutch, then the Chinese might really freak out as a result.

Get the popcorn ready.

US Goes After China For Hacking… China Hits Back

Posted in Commentary with tags , , on July 21, 2021 by itnerd

The US has taken the unusual step taking a shot at China over the hacking of Microsoft. This March, Microsoft reported that at least 30,000 customers were affected by a hack that allowed outsiders to access the firm’s email and calendar service through a software loophole previously unknown to the company. Volexity, the cybersecurity firm that first discovered the Exchange breach, and Microsoft concluded the attacks originated from China and appeared to be state-sponsored.

This has now led to the U.S. Justice Department charging four Chinese citizens from China’s secretive ministry of state security who are alleged to have hacked into the computer networks of dozens of companies, universities and government entities. China denies this:

“The U.S. ganged up with its allies and launched an unwarranted accusation against China on cybersecurity,” Chinese Foreign Ministry spokesman Zhao Lijian said Tuesday at a regular press briefing in Beijing. “It is purely a smear and suppression out of political motives. China will never accept this.”

But this is likely the beginning according to Director of Enterprise Security at Darktrace, David Masson:

“We have entered a new era of cyber-threat – attacks are increasing in speed, sophistication, and scale with malicious software like ransomware being able to encrypt an organization’s entire digital infrastructure in seconds. Even more alarmingly, geopolitical tensions are being played out in cyber battles with organizations getting caught in the crossfire.

Although it is difficult to attribute these attacks to any single nation-state, our government should take every opportunity to pressure cyber-criminals and grow international condemnation in the hopes of resetting the current state of unchecked nation and non-nation state cyber-aggression targeting countries globally. This lack of a unified strong and significant international response only further emboldens nation-state driven or sponsored cyber-attacks against the private sector and government institutions.

Canada can lead the way in putting every nation state and cybercriminal group, whether state-sponsored, supported, or simply sheltered, on notice that cyber-attacks will not only be taken extremely seriously, but that there could be a high cost where those responsible are held accountable through all levers of national power.

The priority must be protecting Canadian businesses and institutions from cyber-attacks that pose a threat to both economic and national security.”

Hopefully Canadian businesses, if not all businesses take heed of this warning.

DHS Warns Americans About Dealing With Chinese Firms Or With Firms With Chinese Citizens In “Leadership And Security-Focused Roles”…. Hmmmm

Posted in Commentary with tags , on December 23, 2020 by itnerd

Earlier today I posted a story on DHS warning consumers about TCL TVs running Android which allegedly contains back doors that could steal data. I did some hunting around and found that DHS has a broader  business advisory that was published on Wednesday that says that Chinese products and services could contain backdoors or other data collection systems. It also said that data theft could occur via insider threats and business partnerships. The goal is to harvest data from western companies for use in furthering China’s economic goals.

The advice that DHS has is to take care when sharing data with Chinese firms; using equipment produced or maintained by Chinese companies; and even when working with companies that have Chinese citizens in “key leadership and security-focused roles.” Which is pretty broad and borders on sounding racist to me. I have to wonder how much of this is a legitimate threat, and how much of this is xenophobia. I guess we’ll find out soon enough.

India Bans More Chinese Apps

Posted in Commentary with tags , on November 24, 2020 by itnerd

India is not done banning Chinese apps. The world’s second largest internet market, which has banned over 175 apps with links to the neighboring nation in recent months, said on Tuesday it was banning an additional 43 such apps.

Like with the previous orders, India cited cybersecurity concerns to block these apps. “This action was taken based on the inputs regarding these apps for engaging in activities which are prejudicial to sovereignty and integrity of India, defence of India, security of state and public order,” said India’s IT Ministry in a statement. The ministry said it issued the order to block these apps “based on the comprehensive reports received from Indian Cyber Crime Coordination Center, Ministry of Home Affairs.” The apps that have been banned include popular short video service Snack Video, which had surged to the top of the chart in recent months, as well as e-commerce app AliExpress, delivery app Lalamove, and shopping app Taobao Live. At this point, there doesn’t appear to be any Chinese app left in the top 500 apps used in India.

Oh boy. I think it’s safe to say that you can expect a response from China as this is pretty much an “F-U” to China. And that’s likely to be an instant response.

This should be fun to watch.

India Bans More Chinese Apps….. 118 Of Them….

Posted in Commentary with tags , on September 2, 2020 by itnerd

A few weeks ago I wrote a story about India banning TikTok over security concerns. There’s news now that they’ve banned 118 apps of Chinese origin including PUBG and Tencent. Medianama shared an official statement from the Indian government on the ban extension:

“The Ministry of Electronics and Information Technology has received many complaints from various sources including several reports about misuse of some mobile apps available on Android and iOS platforms for stealing and surreptitiously transmitting users’ data in an unauthorized manner to servers which have locations outside India. The compilation of these data, its mining and profiling by elements hostile to national security and defence of India, which ultimately impinges upon the sovereignty and integrity of India, is a matter of very deep and immediate concern which requires emergency measures,” the IT Ministry said in a statement.

You can fully expect this to inflame tensions between India an China. And those two countries have lots of tensions at the moment. Plus it will likely encourage the US to ban more Chinese apps. Especially seeing as the date to ban TikTok in the US is approaching.

US To Purge “Untrusted” Chinese Apps And Stop US Apps From Being Installed On Huawei Phones

Posted in Commentary with tags , , on August 6, 2020 by itnerd

This situation between the US and China is escalating further with news that the US is going to purge what it calls “untrusted” apps which all happen to be from China:

U.S. Secretary of State Mike Pompeo said expanded U.S. efforts on a program it calls “Clean Network” would focus on five areas and include steps to prevent various Chinese apps, as well as Chinese telecoms companies, from accessing sensitive information on American citizens and businesses. 

Pompeo’s announcement comes after U.S. President Donald Trump threatened to ban TikTok. The hugely popular video-sharing app has come under fire from U.S. lawmakers and the administration over national security concerns, amid intensified tensions between Washington and Beijing. 

“With parent companies based in China, apps like TikTok, WeChat and others are significant threats to personal data of American citizens, not to mention tools for CCP (Chinese Communist Party) content censorship,” Pompeo said.

To the shock of absolutely nobody, China is not at all happy:

In an interview with state news agency Xinhua on Wednesday, Chinese foreign minister Wang Yi said the United States “has no right” to set up the “Clean Network” and calls the actions by Washington as “a textbook case of bullying”.

“Anyone can see through clearly that the intention of the U.S. is to protect it’s monopoly position in technology and to rob other countries of their proper right to development,” said Wang.

But the US action doesn’t stop there. The US doesn’t want US apps on Huawei phones:

Pompeo said the United States was working to prevent Chinese telecoms firm Huawei Technologies Co Ltd from pre-installing or making available for download the most popular U.S. apps on its phones. 

“We don’t want companies to be complicit in Huawei’s human rights abuses, or the CCP’s surveillance apparatus,” Pompeo said, without mentioning any specific U.S. companies.

No matter how you look at it, this war between China and the US is going to be very bad and you can expect to see more shots traded between these two. Especially in the lead up to the US election in November.

BREAKING: US Department Of Justice Indicts 4 Chinese Nationals In Equifax Hack

Posted in Commentary with tags , on February 10, 2020 by itnerd

In the last few minutes, news is coming out that four Chinese Nationals are being charged by the US Department Of Justice in relation to the Equifax hack. The Washington Post has the details:

In a nine-count indictment filed in federal court in Atlanta, federal prosecutors alleged that four members of the People’s Liberation Army hacked into Equifax’s systems, stealing the personal data as well as company trade secrets. In a statement announcing the case, Attorney General William P. Barr called their efforts “a deliberate and sweeping instrusion into the private information of the American people.”

The fact that these four individuals are members of the Chinese military underscores the threat that nation states can pose to IT infrastructure. Also, it is highly unlikely that they will ever face trial in the US as I see no scenario where China hands them over to face US justice as I have to assume that they are still in China. Thus I can see a scenario where the US goes after the Chinese in cyberspace in retaliation for this hack, and perhaps others as China has been linked with other high profile hacks that have happened in teh last few years.

UPDATE: You can read the indictment here.

WhatsApp May Be Blocked In China

Posted in Commentary with tags , on July 19, 2017 by itnerd

The New York Times is reporting that popular messaging service WhatsApp appears t be blocked in China:

The blocks against WhatsApp originated with the government, according to a person familiar with the situation who declined to be named because they were not authorized to speak on the record about the disruption. Security experts also verified that the partial disruption in WhatsApp started with China’s internet filters.

“According to the analysis that we ran today on WhatsApp’s infrastructure, it seems that the Great Firewall is imposing censorship that selectively targets WhatsApp functionalities,” said Nadim Kobeissi, an applied cryptographer at Symbolic Software, a cryptography research start-up.

This isn’t trivial as WhatsApp has something in the area of 1.2 billion users worldwide. Thus this is going to get a lot of attention. The question is, will the Chinese government care about the blowback from this? We’ll have to watch and see.

Report Says China Not Cracking Down On VPNs…. Maybe

Posted in Commentary with tags on July 14, 2017 by itnerd

So, remember that story from earlier this week where I told you that China was going to crack down on VPN usage in the country. Well… There’s this report courtesy of The Paper  which thee folks over at Engadget spotted claims that China isn’t planning a blanket ban. In a statement, China’s Ministry of Industry and Information said that “authorized” VPNs such as domestic and international companies, won’t be affected. Whatever authorized means exactly.

So, all this report has done is made something that looked pretty black and white and turned it into grey. Lovely. If I were a betting man, I would bet on a VPN ban going into effect. Thus if you happen to be travelling to the country in 2018 and you need to use a VPN while you’re there, don’t plan on it working.