For years, the use of insecure smart home appliances and other Internet-connected devices has resulted in personal data leaks. Many smart devices require users’ location, contact details or access to cameras and microphones to set up, which expose people’s personal information, but are unnecessary to use the product. As a result, data breaches and security incidents continue to emerge worldwide through smartphone apps, smart speakers, TVs, air fryers and robot vacuums.
Last week, another major data breach was added to the list: Mars Hydro, a Chinese company that makes Internet of Things (IoT) devices such as LED grow lights and the software to control them remotely. Jeremiah Fowler, a cybersecurity researcher at vpnMentor, on Feb. 12 reported that Mars Hydro had left 1.17 terabytes of non-password-protected data containing 2.7 billion records online, including users’ Wi-Fi network names, Wi-Fi passwords, Internet protocol addresses and device IDs.
The exposed data appeared to belong to users of the company’s Mars Pro smartphone app, even though Mars Hydro’s privacy notices on Apple’s App Store and Google Play state that the app does not collect user data, Fowler said. Within hours of notifying Mars Hydro, the database was no longer publicly available, but it is uncertain how long it was left unprotected or if unauthorized parties had accessed it, he said. The incident demands further investigation to get a full picture of users’ exposure, he said, adding that the issue yet again raises concerns over the security and privacy of IoT devices.
The Mars Hydro incident comes as Chinese start-up DeepSeek’s artificial intelligence (AI) chatbot was recently found to have transferred user data to ByteDance Ltd, TikTok’s parent company, which prompted many countries to ban public-sector entities from using DeepSeek or suspend downloads of the Chinese app. In Taiwan, the Ministry of Digital Affairs on Jan. 31 said that government agencies would be prohibited from using DeepSeek, but it remains unclear if the ministry would restrict public use of the service if it contravenes data protection laws.
Concerns over data leaks and hacking from Chinese software and devices have grown in the past few years. Security experts warn that apps from Chinese e-commerce sites such as AliExpress and Temu, as well as China-made IP cameras, smart speakers and robot vacuums, have data security vulnerabilities. They say risks stem from potential backdoors embedded during manufacturing or coding to weaken encryption methods and provide gateways for cyberattacks.
Make no mistake: Concerns over data breaches also exist for devices made by non-Chinese vendors. However, the issue with products made in China or by Chinese-owned companies is that the Chinese Communist Party, with no democratic oversight, could exploit such information for surveillance or intelligence-gathering purposes, posing national security threats. In addition, most countries generally require businesses to obtain consent from users before collecting their personal information. Unfortunately, some Chinese services do not inform users or bypass this requirement when collecting personal data.
In November last year, the Ministry of Digital Affairs acknowledged the importance of IoT information security as such devices become more popular. It said that regardless of the country of origin or the type of device, user data could be collected and become a potential security risk. It added that it would launch information security labels for IoT devices sold in Taiwan and propose data protection guidelines for device makers. In the meantime, users can take simple steps to mitigate potential risks, such as changing default passwords, restricting the access software and devices have to personal information, stopping data sharing, monitoring device activity and turning off devices when not in use.
There is much evidence that the Chinese Communist Party (CCP) is sending soldiers from the People’s Liberation Army (PLA) to support Russia’s invasion of Ukraine — and is learning lessons for a future war against Taiwan. Until now, the CCP has claimed that they have not sent PLA personnel to support Russian aggression. On 18 April, Ukrainian President Volodymyr Zelinskiy announced that the CCP is supplying war supplies such as gunpowder, artillery, and weapons subcomponents to Russia. When Zelinskiy announced on 9 April that the Ukrainian Army had captured two Chinese nationals fighting with Russians on the front line with details
On a quiet lane in Taipei’s central Daan District (大安), an otherwise unremarkable high-rise is marked by a police guard and a tawdry A4 printout from the Ministry of Foreign Affairs indicating an “embassy area.” Keen observers would see the emblem of the Holy See, one of Taiwan’s 12 so-called “diplomatic allies.” Unlike Taipei’s other embassies and quasi-consulates, no national flag flies there, nor is there a plaque indicating what country’s embassy this is. Visitors hoping to sign a condolence book for the late Pope Francis would instead have to visit the Italian Trade Office, adjacent to Taipei 101. The death of
The Chinese Nationalist Party (KMT), joined by the Taiwan People’s Party (TPP), held a protest on Saturday on Ketagalan Boulevard in Taipei. They were essentially standing for the Chinese Communist Party (CCP), which is anxious about the mass recall campaign against KMT legislators. President William Lai (賴清德) said that if the opposition parties truly wanted to fight dictatorship, they should do so in Tiananmen Square — and at the very least, refrain from groveling to Chinese officials during their visits to China, alluding to meetings between KMT members and Chinese authorities. Now that China has been defined as a foreign hostile force,
On April 19, former president Chen Shui-bian (陳水扁) gave a public speech, his first in about 17 years. During the address at the Ketagalan Institute in Taipei, Chen’s words were vague and his tone was sour. He said that democracy should not be used as an echo chamber for a single politician, that people must be tolerant of other views, that the president should not act as a dictator and that the judiciary should not get involved in politics. He then went on to say that others with different opinions should not be criticized as “XX fellow travelers,” in reference to
RSS