Chinese Hackers Backdooring Digital Locks To Steal Sensitive Data


United States Senator Ron Wyden warned and notified the Director of the National Counterintelligence and Security Center (NCSC), Michael C. Casey, that Chinese hackers are actively backdooring digital locks to steal sensitive data.

As a result, Hackers target and backdoor the digital locks to gain unauthorized access to sensitive information and resources.

Backdooring allows hackers to maintain access even after the initial breach, facilitating the threat actors’ ability to keep ongoing unauthorized activities active.

Document

Free Webinar: Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

:

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, that helps you to quantify risk accurately:


Technical Analysis

Ryden urges NCSC to warn businesses about substandard commercial safe lock risks. Many have undisclosed manufacturer backdoor reset codes that are known only to makers. 

According to the report, Lock companies receive demands from agencies for these codes granting safe access. Foreign threat actors could exploit the backdoors to steal trade secrets and IP stored in business safes.

The Department of Defense (DoD) emailed on November 8, 2023, that manufacturer reset codes are prohibited in approved government locks due to a threat. 

On December 15, 2023, the white paper showed that standards omit backdoor mentions to hide their existence. The public was kept in the dark after the government secured itself against vulnerability. 

Chinese firm SECURAM dominates the consumer safe lock market with low-cost models. Website docs confirm products have undisclosed reset codes.

As a result, SECURAM must assist with the surveillance demands, potentially compromising business safety.

The U.S. rival S&G has confirmed that many products have reset codes that must be disclosed to the government and litigants. 

The policy on code turnover is also provided, as the codes are enticing targets for hacking and espionage.

Only S&G (Sargent and Greenleaf) locks without backdoors are approved for U.S. government-classified data storage.

NCSC should warn businesses about foreign spy threats to intellectual property. Firms can’t defend trade secrets if unaware of safe lock vulnerabilities. 

Ron Wyden urges NCSC to update the public guidance recommending business safes meet strict government security standards. 

Besides this, transparent advisory is needed to protect America’s economic edge from espionage exploitation.

Also Read: CyberSec Firm i-Soon Leak Exposes The Tools Used By Chinese Hackers

Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.





Source link