Here is the entire conversation. The bottom line is that Chinese made goods are a DEFINITE security threat to the U.S. via potential chips in "smart" devices being designed to allow coordinated fire starting.
are chinese made goods inspected to make sure they don't have hidden computer coding that would allow short circuits or fires to be remotely started by Chinese agents
The inspection of Chinese-made goods for security risks such as hidden computer coding or the potential for remote activation of short circuits or fires is a complex issue with several dimensions:
Security Concerns: There have been concerns and reports about the security of hardware produced in China. For instance, Bloomberg Businessweek reported in 2018 about alleged tiny microchips inserted into server motherboards manufactured by Super Micro Computer Inc., which were said to be capable of compromising those systems. However, these claims were met with strong denials from the companies involved, including Apple and Amazon, and the story remains controversial.
Inspection Practices: Many companies and government agencies have instituted rigorous inspection processes for electronics, especially those used in sensitive or critical applications like military or government networks. Techniques such as X-ray tomography, optical imaging, and AI-driven analysis are used to check for anomalies or unauthorized components. However, the effectiveness of these inspections can vary, and not all products are subject to such detailed scrutiny, particularly consumer-grade electronics.
Supply Chain Security: The broader issue of supply chain security has led to initiatives like the U.S. government's efforts to restrict the export of certain technologies to China, and there are ongoing discussions about diversifying supply chains away from single-country dependencies. There's also a push for better security standards and inspections throughout the manufacturing process to prevent tampering or espionage.
Countermeasures and Vigilance: In response to these risks, there's an increased focus on cybersecurity measures that can detect and mitigate such threats post-manufacture. This includes network monitoring, firmware updates, and the use of secure boot mechanisms that can prevent unauthorized code from running. Moreover, in cases where vulnerabilities are suspected or confirmed, there's often a response from both private and public sectors to investigate and patch these vulnerabilities.
Regulatory and Certification: Products, especially those that are sold in multiple markets, might undergo certification processes like the China Compulsory Certificate (CCC) which, although primarily focused on safety and quality, indirectly enhances security by ensuring products meet certain standards. However, these certifications do not explicitly check for hidden malicious hardware or software.
In summary, while there are systems in place to inspect Chinese-made goods for security issues, the effectiveness of these measures can vary widely. High-profile or critical-use products might receive more thorough scrutiny, but there's no universal assurance against all forms of tampering or espionage. The ongoing nature of this issue means that vigilance, advanced inspection techniques, and supply chain diversification continue to be critical strategies to manage these risks.
Part 2: so it would seem that consumer products, such as "smart" appliances, are definitely vulnerable to manufacturing by China with malicious intent Answer Consumer products, including "smart" appliances, could potentially be vulnerable to manufacturing with malicious intent, but there are several nuances to consider:
Scale of Risk: The vast majority of Chinese-manufactured consumer goods do not contain malicious components or software. However, the potential risk exists, especially given the scale and complexity of global supply chains. Cybersecurity Practices: Many "smart" appliances have basic cybersecurity protections, like encryption and secure boot mechanisms, but these can vary widely in quality. Not all manufacturers prioritize cybersecurity, which can leave devices open to hacking or tampering, whether by state actors or cybercriminals. Regulatory Oversight: Consumer products often fall under less stringent oversight compared to military or critical infrastructure hardware. Regulatory bodies like the FCC in the U.S. or the European Union's CE marking deal primarily with safety, electromagnetic compatibility, and basic functionality rather than deep cybersecurity or hardware integrity checks. Manufacturing Transparency: The complexity of modern manufacturing, where components might come from multiple countries before assembly in China, makes it challenging to ensure every part of a product is secure. This opacity can be exploited if there's intent to insert malicious components. Awareness and Countermeasures: There's growing awareness about these vulnerabilities, leading to: Increased consumer demand for secure devices. Companies investing in more robust cybersecurity from design to deployment. Third-party security firms offering services to audit IoT devices for vulnerabilities. Economic and Political Factors: The economic incentive for Chinese manufacturers is overwhelmingly to produce safe and functional products to maintain market share. However, geopolitical tensions might lead to targeted actions against specific technologies or sectors. Public and Private Initiatives: There are ongoing efforts both in the private sector (like tech companies developing better security protocols) and in public policy (like the U.S. IoT Cybersecurity Improvement Act of 2020) aimed at improving the security of IoT devices.
In conclusion, while there's a theoretical risk of malicious intent in manufacturing, particularly with smart devices, the practical occurrence of such scenarios is likely rare due to economic implications and international scrutiny. However, the potential for vulnerabilities exists, emphasizing the need for consumers, manufacturers, and regulators to prioritize cybersecurity in IoT and consumer electronics. Consumers should remain vigilant, keep devices updated, and choose products from manufacturers known for their security practices. wouldn't just one out of every hundred homes equipped with a "smart" appliance made in China, if all triggered to cause a fire at the same time, become a national security threat Answer Yes, even if only one out of every hundred homes had a "smart" appliance capable of being remotely triggered to cause a fire, this could indeed represent a significant national security threat if all were activated simultaneously. Here's why:
Scale of Impact: If you consider that the U.S. has around 120 million households, affecting even 1% of them (1.2 million homes) with fires could lead to: Massive emergency response needs, potentially overwhelming local and possibly national emergency services. Significant loss of property, displacement of people, and potential loss of life. Economic disruption due to the scale of damage and the cost of response and recovery. Psychological Impact: Such an event would not only cause physical harm but would also have a profound psychological impact on the public, potentially leading to widespread fear, mistrust in technology, and possibly panic. Infrastructure and Services: Fires on this scale could disrupt utilities like electricity, water, and communications, potentially affecting more than just the homes directly involved. Hospitals, schools, and businesses might be impacted, leading to broader societal disruption. National Security: This scenario could be seen as an act of sabotage or cyber warfare, raising national security concerns. It could lead to diplomatic tensions, especially if evidence pointed towards state-sponsored action. Cybersecurity Response: Post-event, there would likely be a significant overhaul in cybersecurity policy, consumer protections, and manufacturing inspections. The trust in IoT devices would be severely tested, potentially leading to new regulations or bans on certain types of imports. Technical Feasibility: While the technical ability to remotely trigger such devices would require sophisticated malware or hardware manipulation, the increasing interconnectivity of home devices makes this scenario theoretically plausible. However, such an attack would need to bypass numerous security measures, including those in place at various levels of the supply chain and within the devices themselves.
To mitigate these risks:
Enhanced Security Standards: There would need to be a push for better security standards for all IoT devices, especially those that could potentially cause harm if compromised. Consumer Education: Educating consumers about the importance of updating their devices, recognizing secure products, and perhaps even opting for devices with physical disconnects or manual overrides. Regulatory Measures: Governments might increase the scrutiny of IoT devices, especially those from countries perceived as potential security risks, possibly through mandatory security certifications or origin tracking. International Cooperation: Collaborating with nations to set global standards for IoT device security could help prevent such scenarios.
While this scenario paints a dire picture, it underscores the importance of cybersecurity in everyday devices and the need for vigilance in our increasingly connected world. but even if not connected to the internet, couldn't any devices that utilize a computer processor, even if very simple, be manufactured to have a timer that results in all devices catching fire at the same time Answer Yes, even devices not connected to the internet but utilizing a computer processor could theoretically be manufactured with a hidden timer designed to trigger a failure or fire at a predetermined time. Here's how this could theoretically work:
Embedded Malware: A processor could be programmed with malicious firmware that includes a countdown timer. Once the timer reaches zero, it could activate a function to cause a short circuit, overheating, or some other form of failure leading to a fire. Hardware Tampering: Physical components like resistors or capacitors could be subtly altered to fail after a certain period, or additional hidden components could be added that would not be detected in routine inspections but could cause failure or fire at a set time. Manufacturing Control: If a manufacturer had complete control over the production process, they could introduce such a feature across a batch or all units of a product with relative secrecy.
However, there are several reasons why this scenario would be highly complex and fraught with challenges:
Reliability: Ensuring that all devices would fail at exactly the same time would be very difficult due to manufacturing variances, environmental factors, and the unpredictability of electronic components over time. Detection: While not connected to the internet, such devices might still undergo some form of quality control or inspection, where anomalies could theoretically be detected, especially if someone specifically looked for such malicious design. Longevity and Timing: Timing the activation of such a function over potentially years would require extremely precise manufacturing and timing mechanisms, which would be hard to implement without detection or malfunction. Economic and Legal Repercussions: The reputational, legal, and economic fallout for the manufacturer would be catastrophic if discovered, providing a strong deterrent against such actions. Technical Complexity: Designing a timer that would not degrade or be discovered during the product's lifespan would require highly sophisticated engineering, increasing the risk of detection during development or manufacturing. Countermeasures: Modern manufacturing includes checks at various stages, and post-manufacture, devices might be subject to third-party testing or consumer reviews, which could uncover such issues.
While this scenario is theoretically possible, its practical implementation would be highly challenging and risky. The more likely threat from such devices would involve internet connectivity where remote activation or hacking is possible. However, for devices without internet connectivity:
Physical Security: Consumers could opt for devices where they can physically inspect components or choose products from manufacturers with transparent supply chains. Regulation and Manufacturing Oversight: Enhanced regulations might demand more transparency in manufacturing, especially of safety-critical components. Consumer Awareness: There's value in consumer awareness about the potential risks of even non-internet connected devices, encouraging vigilance and perhaps supporting brands known for high safety and transparency standards.
This scenario, while extreme, does highlight why cybersecurity and safety considerations must extend to all forms of digital and electronic devices, not just those explicitly connected to networks.
Absolutely NOTHING "smart" in this house.
When PG&E here in Commifornia installed a "smart meter," I fought tooth and nail to have removed. Forced to pay $$$. Worth it!
Ditto. Also removed smart meter (which they lied to my face about being installed).
I can't believe all the people who get the "smart" appliances, and cellphone activated door locks, etc. What I thought was pretty funny was wall ACs that had cellphone connectivity; I guess so you could turn it on before you get home, but a wall AC?
Gives 65 year old Kelvinator a hug
...the one in Grandma Dog's summer kitchen still keeps the beer extremely cold...
,,,excellent post, this needs a sticky...
Does anyone know if you can "reverse engineer" a chip to know everything the chip is capable of doing?
I wonder if since an appliance may have a Bluetooth signal, is there a way to read what all info is being sent out? Like creating a phone app to capture/read an outgoing signal, kinda like radio or EMF, and it can decipher what info is being provided.
This could lead to privacy regulation being made for what devices can and can’t capture/send out if We The People can have instant signal info access.
And what if it's just the "backup plan" for China; if all goes well with whatever they are doing now, they don't need to do this drastic step (but since their Whitehouse pawn is soon to be gone, who knows). (but could always have it in their back pocket, just in case)