Network devices from several Chinese manufacturers are insecure and allow personal information to be leaked, testing commissioned by the Executive Yuan has shown.
A variety of devices and software, including apps, from Chinese, US and South Korean manufacturers that are used by government agencies at the central and local level were subjected to black-box testing — in which the functionality of an application is examined without knowing about its internal structure, an information-security official said yesterday on condition of anonymity.
The Telecom Technology Center conducted the tests, which simulated cyberattacks, to determine their resilience to the attacks, the official said.
The center said it would send the results of the tests to the manufacturers and retest the affected devices in two months, pending software updates.
The Chinese manufacturers included Xiaomi Corp (小米), Oppo Mobile Telecommunications Corp (歐珀), Hangzhou Hikvision Digital Technology Co (杭州海康威視數字技術) and Zhejiang Dahua Technology Co (浙江大華技術).
Information stored on some of the tested Chinese-made products was found to be insecure, the official said.
Of the software that failed to meet national requirements for information security, one app was from Oppo and seven were from Xiaomi, while software and devices from Samsung Electronics Co and Apple Inc passed all their tests, the official said.
Tests on devices from Hikvision and Dahua were aimed at testing the security of their system software, identity-recognition software, authorization mechanisms and their protection of personal information, the official said.
The monitoring software in Hikvision network camera model DFI 6257E and Dahua infrared camera model DH-IPC-HFW1230SN exhibited abnormal behavior, did not have alert functions and received a relatively low score of seven in version 3.1 of the Common Vulnerability Scoring System, which indicates security loopholes, the official said.
Both devices also used an insecure encryption system and an insufficiently complex verification system, and neither had shells designed to prevent dismantling, the official said.
The center also conducted tests on drones built by Shenzhen DJI Sciences and Technologies (深圳大疆創新科技有限公司), which supplies the drones used by Taiwan Water Corp (台灣自來水).
Tests on the company’s Mavic Pro, Mavic 2 Pro and Phantom 4 Pro V2.0 models showed signs of signal interference, which appeared in the devices’ logs, the official said.
They all had weak information-security mechanisms, among other problems, the official added.
The combined effect of the monsoon, the outer rim of Typhoon Fengshen and a low-pressure system is expected to bring significant rainfall this week to various parts of the nation, the Central Weather Administration (CWA) said. The heaviest rain is expected to occur today and tomorrow, with torrential rain expected in Keelung’s north coast, Yilan and the mountainous regions of Taipei and New Taipei City, the CWA said. Rivers could rise rapidly, and residents should stay away from riverbanks and avoid going to the mountains or engaging in water activities, it said. Scattered showers are expected today in central and
COOPERATION: Taiwan is aligning closely with US strategic objectives on various matters, including China’s rare earths restrictions, the Ministry of Foreign Affairs said Taiwan could deal with China’s tightened export controls on rare earth metals by turning to “urban mining,” a researcher said yesterday. Rare earth metals, which are used in semiconductors and other electronic components, could be recovered from industrial or electronic waste to reduce reliance on imports, National Cheng Kung University Department of Resources Engineering professor Lee Cheng-han (李政翰) said. Despite their name, rare earth elements are not actually rare — their abundance in the Earth’s crust is relatively high, but they are dispersed, making extraction and refining energy-intensive and environmentally damaging, he said, adding that many countries have opted to
FORCED LABOR: A US court listed three Taiwanese and nine firms based in Taiwan in its indictment, with eight of the companies registered at the same address Nine companies registered in Taiwan, as well as three Taiwanese, on Tuesday were named by the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) as Specially Designated Nationals (SDNs) as a result of a US federal court indictment. The indictment unsealed at the federal court in Brooklyn, New York, said that Chen Zhi (陳志), a dual Cambodian-British national, is being indicted for fraud conspiracy, money laundering and overseeing Prince Holding Group’s forced-labor scam camps in Cambodia. At its peak, the company allegedly made US$30 million per day, court documents showed. The US government has seized Chen’s noncustodial wallet, which contains
SUPPLY CHAIN: Taiwan’s advantages in the drone industry include rapid production capacity that is independent of Chinese-made parts, the economic ministry said The Executive Yuan yesterday approved plans to invest NT$44.2 billion (US$1.44 billion) into domestic production of uncrewed aerial vehicles over the next six years, bringing Taiwan’s output value to more than NT$40 billion by 2030 and making the nation Asia’s democratic hub for the drone supply chain. The proposed budget has NT$33.8 billion in new allocations and NT$10.43 billion in existing funds, the Ministry of Economic Affairs said. Under the new development program, the public sector would purchase nearly 100,000 drones, of which 50,898 would be for civil and government use, while 48,750 would be for national defense, it said. The Ministry of
RSS