Network devices from several Chinese manufacturers are insecure and allow personal information to be leaked, testing commissioned by the Executive Yuan has shown.
A variety of devices and software, including apps, from Chinese, US and South Korean manufacturers that are used by government agencies at the central and local level were subjected to black-box testing — in which the functionality of an application is examined without knowing about its internal structure, an information-security official said yesterday on condition of anonymity.
The Telecom Technology Center conducted the tests, which simulated cyberattacks, to determine their resilience to the attacks, the official said.
The center said it would send the results of the tests to the manufacturers and retest the affected devices in two months, pending software updates.
The Chinese manufacturers included Xiaomi Corp (小米), Oppo Mobile Telecommunications Corp (歐珀), Hangzhou Hikvision Digital Technology Co (杭州海康威視數字技術) and Zhejiang Dahua Technology Co (浙江大華技術).
Information stored on some of the tested Chinese-made products was found to be insecure, the official said.
Of the software that failed to meet national requirements for information security, one app was from Oppo and seven were from Xiaomi, while software and devices from Samsung Electronics Co and Apple Inc passed all their tests, the official said.
Tests on devices from Hikvision and Dahua were aimed at testing the security of their system software, identity-recognition software, authorization mechanisms and their protection of personal information, the official said.
The monitoring software in Hikvision network camera model DFI 6257E and Dahua infrared camera model DH-IPC-HFW1230SN exhibited abnormal behavior, did not have alert functions and received a relatively low score of seven in version 3.1 of the Common Vulnerability Scoring System, which indicates security loopholes, the official said.
Both devices also used an insecure encryption system and an insufficiently complex verification system, and neither had shells designed to prevent dismantling, the official said.
The center also conducted tests on drones built by Shenzhen DJI Sciences and Technologies (深圳大疆創新科技有限公司), which supplies the drones used by Taiwan Water Corp (台灣自來水).
Tests on the company’s Mavic Pro, Mavic 2 Pro and Phantom 4 Pro V2.0 models showed signs of signal interference, which appeared in the devices’ logs, the official said.
They all had weak information-security mechanisms, among other problems, the official added.
FRUIT SPAT: The COA said China had not given evidence for halting wax and custard apple imports, adding that it would spend NT$1bn on promoting sales of the fruit Taipei threatened to take China to the WTO yesterday after Beijing said it would suspend wax apple and custard apple imports from Taiwan due to pest concerns. China’s customs administration earlier yesterday said it had repeatedly found pests called Planococcus minor, a type of mealybug, on wax and custard apples from Taiwan. It asked its Guangdong branch and all affiliated offices to stop clearing the products from today. China had acted unilaterally, without providing scientific evidence, Council of Agriculture (COA) Minister Chen Chi-chung (陳吉仲) told a news conference, criticizing the announcement’s timing, as it came during the Mid-Autumn Festival, celebrated in Taiwan
ON ALERT: A woman who tested positive for COVID-19 while abroad last year tested negative twice in Taiwan before showing a positive result on Sunday, the center said The Central Epidemic Command Center (CECC) yesterday reported two locally transmitted COVID-19 infections, four imported cases and no deaths. The CECC meanwhile warned nearly 500 people to monitor their health after a woman tested postive. The center also reported that a previous local case — a female worker at Taoyuan International Airport Services (桃園航勤), who had the Delta variant of SARS-CoV-2 — likely contracted the disease from the same source as a previous imported case from Turkey. Minister of Health and Welfare Chen Shih-chung (陳時中), who heads the center, said that the two local cases were reported in Taipei, and are a
The Lithuanian Ministry of National Defense recommended that consumers avoid buying Chinese mobile phones and advised people to throw away the ones they have now after a government report found the devices had built-in censorship capabilities. Flagship phones sold in Europe by China’s smartphone giant Xiaomi Corp (小米) have a built-in ability to detect and censor terms such as “Free Tibet,” “Long live Taiwan independence” or “democracy movement,” Lithuania’s state-run cybersecurity body said on Tuesday. The capability in Xiaomi’s Mi 10T 5G phone software had been turned off for the “European Union region,” but can be turned on remotely at any time,
CLOSED DOORS? The new US rules, which are to be implemented in November, have sparked concern in Taiwan, given its low fully vaccinated coverage rate The US plans to allow entry to most foreign air travelers as long as they are fully vaccinated against COVID-19 — while adding a testing requirement for unvaccinated Americans and barring entry for foreigners who have not received shots. The measures announced on Monday by the White House mark the most sweeping change to US travel policies in months, and widen the gap in rules between vaccinated people — who would see restrictions relaxed — and unvaccinated people. The new rules would replace existing bans on foreigners’ travel to the US from certain regions, including Europe. While the move would open the