The idea to ban TikTok is shocking or obvious depending on perspective. While the proposal likely sends a shiver down the spine of every influencer, it comes as no surprise to those following foreign policy or cybersecurity. This is because the social media giant is but the tip of the iceberg when it comes to questionable Chinese tech.
Today, the developed world is being flooded with Chinese gadgets made of vulnerable third-party components. This major issue is thrown into even further relief by US government attempts to build a “clean network” to root out dodgy devices from the public sector. Let’s explore why TikTok is a symptom of a wider tech problem and what we must do about it.
The danger of dodgy devices
The rise of IoT is synonymous with the rise of Chinese IoT. As an expert in this field for more than two decades, I have been very interested in recent years to see sensor prices fall as device numbers skyrocket. During this time, Chinese device makers have successfully cornered the market to supply the vast majority of third-party software and third-party part production. This is especially evident in low-end security cameras, where customers are hard-pressed to find something that is not Chinese-made.
You might be asking yourself: “So what?” Well, while connected devices certainly make our lives more comfortable, they simultaneously weaken our cybersecurity. IoT devices contain a variety of components and different communication stacks which provide many ways for malicious parties to hack into them – and this is something we have seen in differing contexts. For example, connected device loopholes led to a distributed denial-of-service (DDoS) attack shutting down a Finnish city’s central heating system, while poor security in smart light bulbs led to the leaking of Wi-Fi credentials.
It is important to highlight that Chinese IoT attracts far more criticism than devices produced elsewhere due to the geopolitics at play. While connected devices as a whole are not perfect in terms of cybersecurity, Chinese devices are additionally beset by dubious government connections and cyber-espionage controversies. This lack of separation between politics and tech is evident with companies like Huawei, for example, which is owned by a Chinese trade union committee. The Chinese Communist Party heads such committees, meaning all devices are mere steps away from direct government ownership. It is this uncomfortable combination of government links, low encryption, and third-party vulnerabilities which raises serious question marks about Chinese IoT.
The great digital firewall
The United States is now challenging the real and present threat of untrustworthy IoT. In August, the US State Department announced that it would expand its “Clean Network” initiative to root out major Chinese tech from the US system. The department said the move is aimed at guarding US citizens’ privacy and US companies’ sensitive information from “aggressive intrusions by malign actors.”
This latest escalation of tensions between the world’s two superpowers points to the cybersecurity danger of Chinese IoT. For example, an integral element of the initiative is to create a “clean store” by removing untrusted applications from American mobile app stores. Chinese apps “threaten our privacy, proliferate viruses, and spread propaganda and disinformation,” said Mike Pompeo, the secretary of state. Tellingly, mobile apps which facilitate the remote control of Chinese devices will be impacted by the ban.
This sprawling cybersecurity announcement brings attention to the wider fallibility of Chinese tech and calls into question whether enterprise customers and everyday citizens should follow suit.
Returning trust to untrustworthy devices
With billions of IoT devices coming to market now and over the next few years, security must no longer be an afterthought. Thankfully, there are three easy steps enterprise customers and private users can take to keep their home networks out of reach of bad actors.
First, users are best advised to split their home networks between trusted and untrusted devices. Just like you would never connect your PC to public networks, you should never connect unknown devices to your personal network. Instead, create a separate network and connect devices with low security thresholds there.
Second, users should purchase products from reputable brands and trusted regions. While the price might be higher, so too will be the security threshold of the devices. All devices sold in the European Union, for example, are subject to the General Data Protection Regulation, which governs the collection, storage, analysis, and sharing of data related to IoT.
Third, use peer-to-peer connections. This type of connection establishes a direct communication channel between two peers – like from a smartphone to a surveillance camera – to remove any doubt about whether the data is being accessed by a third party. Once it is established, clients interact directly with devices over an end-to-end encrypted connection to prevent information from landing in the wrong hands.
It is sad but true that the onus remains squarely on users to protect themselves in this ongoing cybersecurity battle. While devices are cheaper today, it does not mean that they are better or inherently trustworthy. In fact, the United States government is of the opposite opinion. TikTok and other Chinese tech brands offer a timely reminder that data is never secure unless the user takes steps to make it so.
My best advice is to strongly consider your security circumstances before connecting any device to your home or business network – because you never know who is watching.