According to a recent announcement from the Department of Homeland Security (DHS) obtained by ABC News, networked cameras manufactured in China have given the Chinese Communist government the ability to “conduct espionage activities or disrupt critical infrastructure in the United States.”
The DHS warning states that Chinese cyber actors have previously exploited networked cameras, and without stricter limitations on these cameras, they could potentially obtain access and manipulate systems.
The announcement highlights that these cameras often lack data encryption and security settings, and come with default communication features with the manufacturer. It is believed that tens of thousands of Chinese-manufactured cameras have been installed in the networks of critical infrastructure sectors in the US, including chemical and energy departments.
The statement points out, “Cyber attackers can use cameras installed on IT networks for initial access then pivot to other devices to steal sensitive process data. Attackers could leverage this data to craft attack plans or disrupt business systems. Cyber attackers can use cameras installed on security systems to suppress alarms, trigger false alarms, or disable fail-safe mechanisms.”
Until early 2024, the Department of Homeland Security estimated that 12,000 Chinese-made network cameras were in use in hundreds of critical infrastructure facilities in the US.
The announcement reveals that despite the FCC’s ban on importing such cameras, the number of these cameras installed in US networks increased by 40% between 2023 and 2024, possibly due to the practice of white labeling.
At least since 2020, state-sponsored Chinese hackers have been widely targeting vulnerabilities exposed by these Chinese-made cameras.
Data from the Office of the Director of National Intelligence’s Commercial Cyber Threat Intelligence Program shows that in March 2024, a US oil and gas company’s use of Chinese-made cameras communicated with Chinese servers, with one server potentially linked to Chinese government-supported cyber actors.
Network security expert David Reid from Cedarville University stated in an interview with 12 News that the Department of Homeland Security is currently examining which foreign products pose threats.
Reid emphasized the importance of understanding the origins and nature of these products and questioned their trustworthiness. He highlighted the various sectors where these cameras are used, such as water treatment plants and transportation systems.
Michael Nowatkowski, a network security expert from Augusta University, underscored the risk posed by tens of thousands of Chinese-made cameras connected to US infrastructure networks. He warned about potential backdoors that allow unauthorized remote connections.
Nowatkowski advised caution when purchasing such devices, as some may have lower prices but include backdoors or additional access permissions without the user’s knowledge.
These revelations raise concerns about the security implications of Chinese-made cameras in critical infrastructure in the United States and the potential threat they pose to national security and privacy. Vigilance and proactive measures are essential to address these vulnerabilities and protect sensitive systems from exploitation by malicious actors.