Network devices from several Chinese manufacturers are insecure and allow personal information to be leaked, testing commissioned by the Executive Yuan has shown.
A variety of devices and software, including apps, from Chinese, US and South Korean manufacturers that are used by government agencies at the central and local level were subjected to black-box testing — in which the functionality of an application is examined without knowing about its internal structure, an information-security official said yesterday on condition of anonymity.
The Telecom Technology Center conducted the tests, which simulated cyberattacks, to determine their resilience to the attacks, the official said.
The center said it would send the results of the tests to the manufacturers and retest the affected devices in two months, pending software updates.
The Chinese manufacturers included Xiaomi Corp (小米), Oppo Mobile Telecommunications Corp (歐珀), Hangzhou Hikvision Digital Technology Co (杭州海康威視數字技術) and Zhejiang Dahua Technology Co (浙江大華技術).
Information stored on some of the tested Chinese-made products was found to be insecure, the official said.
Of the software that failed to meet national requirements for information security, one app was from Oppo and seven were from Xiaomi, while software and devices from Samsung Electronics Co and Apple Inc passed all their tests, the official said.
Tests on devices from Hikvision and Dahua were aimed at testing the security of their system software, identity-recognition software, authorization mechanisms and their protection of personal information, the official said.
The monitoring software in Hikvision network camera model DFI 6257E and Dahua infrared camera model DH-IPC-HFW1230SN exhibited abnormal behavior, did not have alert functions and received a relatively low score of seven in version 3.1 of the Common Vulnerability Scoring System, which indicates security loopholes, the official said.
Both devices also used an insecure encryption system and an insufficiently complex verification system, and neither had shells designed to prevent dismantling, the official said.
The center also conducted tests on drones built by Shenzhen DJI Sciences and Technologies (深圳大疆創新科技有限公司), which supplies the drones used by Taiwan Water Corp (台灣自來水).
Tests on the company’s Mavic Pro, Mavic 2 Pro and Phantom 4 Pro V2.0 models showed signs of signal interference, which appeared in the devices’ logs, the official said.
They all had weak information-security mechanisms, among other problems, the official added.
‘NO EQUILIBRIUM’: Taiwan’s increased defense spending is a good step, but it needs to do more to have the ability to deter aggression from China, a senior US official said The US plans to sell as many as seven major weapons systems — including mines, cruise missiles and drones — to Taiwan, four people familiar with the discussions said. Pursuing seven sales at once is a rare departure from years of precedent in which US military sales to Taiwan were spaced out and carefully calibrated to minimize tensions with Beijing. However, US President Donald Trump’s administration has this year become more aggressive with China, and the sales would land as relations between Beijing and Washington are at their lowest point in decades over accusations of spying, lingering trade tensions, disputes about the
CLOSE ENCOUNTERS: Several of the PLA fighter jets that crossed the median line of the Strait came within 68km of Hsinchu, drawing warnings from Taiwan, the ministry said At least 18 Chinese military aircraft yesterday flew into the nation’s air defense identification zone (ADIZ) on the second day of a US delegation’s visit, the Ministry of National Defense said, adding that the military responded by deploying an air defense missile system to monitor their activities. A delegation led by US Undersecretary of State for Economic Growth, Energy and the Environment Keith Krach on Thursday started a three-day visit to Taiwan. The ministry from Thursday started publicizing the actions of the Chinese People’s Liberation Army (PLA) in Taiwan’s ADIZ on its Web site and Twitter. According to ministry reports, 18 PLA aircraft
ON THEIR OWN: The KMT has decided not to participate as a party at this year’s forum, and if any members do go, they would not be representing the party, Alicia Wang said The Chinese Nationalist Party (KMT) yesterday announced that it would not send a delegation “as a political party” to this year’s Straits Forum, after a Chinese TV program described the planned visit to the annual meeting as “suing for peace.” The 12th forum is scheduled to open in Xiamen, China, on Saturday. On Tuesday last week, the KMT announced that former legislative speaker Wang Jin-pyng (王金平) would lead the party’s delegation to the forum, with KMT Secretary-General Lee Chien-lung (李乾龍) as deputy head. However, on Thursday last week, China Central Television’s (CCTV) Yangshipin (央視頻) program, hosted by Li Hong (李紅), included a headline
WORKING OVERTIME? NTU professor Lee Duu-jong denied that he had held a part-time position at a Chinese university or joined China’s Thousand Talents Program A candidate for the post of National Taiwan University of Science and Technology (NTUST) president yesterday dropped out of the race following a report questioning his links to Chinese academia and government programs. Lee Duu-jong (李篤中), a professor at National Taiwan University’s (NTU) chemical engineering department, was a member of China’s Changjiang Scholars’ Program in 2006 and was on the list of its Thousand Talents Program in 2017, a report by Chinese-language Mirror Media magazine said yesterday. The article said that Lee is suspected of having held a part-time job at the Harbin Institute of Technology in China and was the recipient