Xiaomi IoT Products and National Security

Jabba the Hutt on 22/04/2017 - 14:27
Last edited 22/04/2017 - 14:29 by 1 other user

Stevetheadventurer joked about it in a deal the other day, but for some time it's struck me as a genuine issue that we're blissfully hooking up all manner of Xiaomi products to our local networks and phones, in the context of enduring geopolitical tensions with China and the (hopefully never realised) potential for serious conflict.

China has long been justifiably concerned about market penetration of tech products from strategic rivals (chiefly the US), and the Snowden disclosures demonstrated the extent to which government can quietly partner with tech companies for 'national security' purposes.

What's new about a company like Xiaomi is the extent to which it's based in China, and its sheer range of appealing IoT products (for which manufacturer-device communication and control is considered unremarkable). With enough market penetration abroad, these could offer a significant cyber-espionage and cyber-warfare capability, to which China's government could have relative ease of access.

Would it be correct to say that many of us are relying on our own government to have our backs when it comes to this issue?

Electrical & Electronics

Comments

  • AdosHouse on 22/04/2017 - 14:43
    +5

    I have so many "smart" Xiaomi products; Smart bulbs, smart power switches, smart switch, door/window sensors, gateway, temperature/humidity sensor, IP camera, desk light, plus the power banks, USB power reading light……that's all I can think of right now.

    All I can say is that I have embraced our soon-to-be Chinese Overlords.

  • Baron-K on 22/04/2017 - 15:15
    +5

    To be honest I'm more worried about the USA's access to my devices and privacy via apple, google etc, I'm unsure the PLA could achieve much by taking control of my lightbulbs.

    • whooah1979 on 22/04/2017 - 17:04
      +2

      To be honest I'm more worried about the USA's access to my devices and privacy via apple, google etc.

      this is why we've slowly made the switch from android to ios. samsung to iphone, nexus to ipad.

      apple seems to be more willing to stand up to the government if they think that the government's requests will hurt sales. san bernardino and a number of other cases suports that.
      https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_d…

      • Wystri Warrick on 23/04/2017 - 02:52

        To tired to read the article. If what you say about Apple is true, then this is humiliating for me, but 1+ for Apple. I'm a supporter of open source software, not propriety locked down secret software.

    • derek324 on 22/04/2017 - 17:31
      +1

      Typically someone who wants to break into your system and steal personal data, bank details, etc, looks for a weakest link to gain access to your home network. Once inside your network it is much easier (sometimes trivial) to access passwords on your notebook (be it Windows, Android or OS). It is not about taking control of a lightbulb.

  • Diji1 on 22/04/2017 - 15:20
    +4

    So you're really worried about the Chinese gummints for some reason instead of the continuous and ongoing appalling security across the IoT sector as a whole. That appalling security record allows any hacker in the Chinese gummints along with everywhere else.

    BTW are you aware that the Australian gummints has legislated dragnet surveillance of every citizen in this country?

    You seem to be worrying about molehills instead of elephants if I can mix up two sayings.

    • Baron-K on 22/04/2017 - 15:31
      +2

      Department of Meta-Juicy Fruit?

    • Jabba the Hutt on 22/04/2017 - 16:10
      +2

      Wouldn't say I'm really worried, but certainly concerned about its potential and curious what others' attitudes are. These issues aren't mutually exclusive - being a follower of Schneier's writings on the general sorry state of IoT security and the damage that's doing is probably how my thoughts ended up here. This is more of a sleeper issue that I think could become an 'elephant' if the proverbial hit the fan.

      • derek324 on 22/04/2017 - 17:40
        +2

        It is not being paranoid. IoT devices security is very poor, and their popularity creates more and more weak points in millions of otherwise relatively secure home networks. As can be seen from various responses here and in many other places most people can not see beyond humor of someone trying to control a light bulb in their home. The same people understand that they should have anti-virus software, and fail to see humor in pop up messages a virus displays after infecting a system. Inconsistent? Oh yes.

  • Ryanek on 22/04/2017 - 16:07
    +6

    When if all of a sudden your Xiaomi LED bedroom light burns bright red, then you will know… the Chinese invasion is upon us.

    • Baron-K on 22/04/2017 - 16:47
      +2

      Beware the countdown clock on the induction rice cooker!

  • Clear on 22/04/2017 - 16:34
    +3

    Something most people don't know is that Xiaomi don't even make close to half of their products. Other companies do and Xiaomi put their branding on it.

    • Wystri Warrick on 23/04/2017 - 02:55
      +1

      Very interesting, I did not know this :)

  • Stevetheadventurer on 22/04/2017 - 18:43

    For Those who are Really Worried I'm giving up my only means of defense to whoever wants it.

    Anti IoT Alfoil Hat Ozb Edition

    Regards,

    Stevetheadventurer

  • afoveht on 22/04/2017 - 20:19
    +2

    I find Schneier's take very sensible. As much as I detest authoritative regulation I can't see a better approach towards security before it's too late, which it might already be anyway.

    http://icitech.org/wp-content/uploads/2016/12/ICIT-Brief-Ris…

    • derek324 on 22/04/2017 - 23:58
      +1

      Good source, thanks for sharing. Is it already too late? Probably.

Login or Join to leave a comment
Login Join