Chinese access to research, data streams, and information collected within the United States is under increasing scrutiny. While the threat to your personal data or our nation’s critical security information comes from many directions, the biggest wolves in sheep’s clothing are Chinese-based corporations.
This isn’t just happenstance. Chinese corporations are legally obligated to serve the purposes of the Chinese Communist Party (CCP), which has used every collection method and form of technology at its disposal to collect or even steal government, corporate, and private data.
The latest technological opportunity is small drones.
Chinese counterespionage and national-intelligence laws make sharing of data collected by Chinese-based corporations mandatory, which means there is no boundary or separation between those corporations and the CCP. Whether using stealthy mechanisms or brute force, the methods and depth that brutal government is willing to go to pilfer that data is hard to fathom fully.
>>> VIRTUAL EVENT: The Enemy Within: The Security Risks of U.S. Law Enforcement’s Use of Chinese Drones
A 2014 Congressional report found that Chinese cyber attacks resulted in the theft of detailed specifications on weapons systems like the F-35 stealth fighter. Not surprisingly, China’s new J-31 is that plane’s spitting image.
China also has gained access to key personnel and research across the U.S. science and technology sector. Last year, federal agents arrested more than a dozen professors and researchers at U.S. universities, on charges of stealing for the Chinese government everything from trade secrets, to machine-learning algorithms and vials of biological research.
As for personal data, consider TikTok, a wildly popular application that lets users create short videos to share with the world. TikTok is owned by ByteDance, a Beijing-based company now being sued for harvesting personal user data and sending it to China without the consent or even knowledge of those users. But TikTok’s collection capability pales in comparison to that of drones.
Nearly eight out of every 10 drones sold in the United States are made by the Chinese-based company DJI. The firm’s drone video cameras offer a total magnification of 180x and capture vivid images with 1080-pixel definition. Even when images of buildings and critical infrastructure are captured inadvertently, the system marks their precise location and can transmit real-time video feeds directly to the internet. From that point, the road to China is a short one.
Earlier this summer, a security firm called Synacktiv reverse-engineered a DJI app used to control drones and found it was collecting data that allows DJI to readily identify people of interest, access their contacts and networks, and ultimately compromise the user’s phone. The embedded coding enabled the app to download and execute code whenever it chose and, once exploited, DJI could use the compromised phone to attack other users through WiFi networks.
A separate cybersecurity firm, River Loop Security, recently analyzed DJI Mimo, an app used to edit videos and photographs taken by DJI drones. River Loop observed the network traffic between the internet and mobile devices through the app. They found similar security issues to those of the DJI controller app, and that Mimo sent that data beyond the Great Firewall of China without user consent.
Sure, the CCP appropriates a few government secrets and some intellectual property from wealthy corporations, but what nefarious purposes could they possibly have with your data?
>>> Why the U.S. Should Issue an Atrocity Determination for Uighurs
The Chinese government has interned more than a million Uighurs in camps very reminiscent of those of the Nazi era. Video footage of hundreds of bound and blindfolded Uighurs on a train platform was leaked and posted on YouTube. The video was taken by the Xinjiang Autonomous Region Public Security Department using a DJI drone in the perimeter of the train station.
If they’ll use the data they collect against their own people that way, it’s a safe bet that the data they’re collecting on you is not just for marketing. Read more about this threat, do your best to safeguard your own data, and if a time comes when you purchase your own drone buyer, beware.
This piece originally appeared in the Washington Times