
China's Assessment of Micron's Security Was Rejected

 


As a result of Micron's failure to pass a security review, the Chinese government has banned the company from supplying memory chips to local industries that are critical to the country. 

The Chinese cyberspace regulator has announced that it will bar operators of key infrastructure from buying products made by Micron Technology Inc. (MU.O), an American memory chipmaker with international reach.

Washington is looking to cut off Beijing's access to the most advanced semiconductors and to the United States' advanced chip manufacturing facilities. The probe is the latest escalation in the ongoing chip war between the two nations.

As a result of the incident, China tightened its enforcement of anti-espionage and national security laws, tightening its control over international espionage. 

According to a report by the news agency Reuters, the US government has instituted a series of export controls on certain American components and chipmaking tools to prevent them from being used to advance China's military capabilities.

There was an additional phase in the bitter chip war between the United States and China. Washington was attempting to prevent Beijing from having access to top-of-the-line semiconductors and the latest technology.    

Chinese authorities launched a review of Micron, one of the world's largest chip manufacturers, in March last year. This followed several complaints related to its products available in the country.

From transportation to healthcare, critical information infrastructure is broadly defined as the network infrastructure that supports the system of the country.   

On Monday, shares in several local chipmaker-related companies rose as a result of the move. Shares in corporations including Gigadevice Semiconductors, Ingenic Semiconductors, and Shenzhen Kaifa Technology opened up by 3% to 8% on Monday, according to Reuters. 

Based on Micron's financials for the year ended March 31, 2013, it was estimated that China contributed approximately 10 percent of Micron's USD 30.8 billion revenue. 

It was unclear whether the cybersecurity watchdog's decision would affect sales to foreign customers since a large portion of Micron products sold in the country were purchased by foreign manufacturers, analysts said earlier. Even if the decision does affect sales, the effect may not be felt for some time. 

Earlier this year, the Chinese government announced that it would pay more attention to protecting the critical infrastructure of its information systems by enforcing stricter data security regulations. It has also recently intensified enforcement of its anti-espionage and data security laws.

During the last year, China and the United States stepped up their chip war by imposing restrictions on Chinese access to high-end chips, chipmaking equipment, and software used in the design of semiconductors. Yangtze Memory Technologies Co Ltd, a rival of Micron, was also placed on a blacklist by the United States government. 

Washington cited national security concerns, pointing to the high level of risk that the Chinese armed forces and intelligence services may obtain technology that could be used in developing advanced military equipment, and insisted that it wanted to prevent the acquisition of such technology.

Micron, one of the largest chip manufacturers in the world, has been reviewed by Chinese authorities over products the company sells within the country.

Based on the review, the Cyberspace Administration of China (CAC) concluded that Micron's products pose significant security risks to China's critical information infrastructure supply chain, affecting the safety and security of the country's key infrastructure, an influence that could adversely affect China's national security. 

Several countries that manufacture semiconductor technology equipment, such as the Netherlands and Japan, have recently announced new restrictions on the export of certain products, although neither of them named China as the reason for these restrictions.

There has been a lot of opposition from Beijing to Washington's controversial move, which Beijing has called "bully tactics" and declared as "technological terrorism", saying it is not only strengthening its resolve to self-sufficiency in the sector but also strengthening US business interests.

There have been billions of dollars invested in domestic chip companies over the past few decades by the Chinese government to build up a robust semiconductor industry domestically. 

It is expected that by the year 2030, the chip industry in the world will generate a $1 trillion market, a figure that can be attributed to the fact that chips are the lifeblood of modern global economies, powering everything from cars to smartphones. 

The United States opposes the ban, while Micron is committed to engaging in negotiations with China. There was strong opposition to the Micron ban from the US Commerce Department.

A spokesperson for the Commerce Department said in a statement that "we strongly oppose restrictions that have no basis in fact." This action, along with raids on and targeting of other American firms that have been reported in the past, contradicts China's claims that it is open to, and committed to, a transparent regulatory framework.

It is now up to the department to seek clarification of the Chinese authorities' actions through direct communication with Beijing.

Beijing, which is China's largest manufacturer of semiconductors, has been forbidden from buying cutting-edge semiconductors as part of the US-China trade dispute. It's the latest escalation between the two countries. 

Following its receipt of the CAC's review, Micron said it was looking forward to engaging with Chinese authorities in further discussions. The company said in a statement that it is evaluating the conclusion of the investigation and determining what it should do next.

Chinese Government to Ban TikTok Apps From Collecting U.S. Data

 


A spokesperson for TikTok issued a statement today responding to charges that the U.S. Congress was working to advance legislation that would create another avenue for the US president to ban the popular video-sharing application from the country.

Earlier today, the US House Foreign Affairs Committee voted to pass the Deterring America's Technological Adversaries (Data) Act. This would roll back protections that have shielded creative content from US sanctions for 35 years, to deter technological adversaries from targeting American institutions. As currently drafted, the bill would require the president to issue sweeping sanctions against Chinese companies that transfer personal data related to citizens of the US to organizations or individuals in China or "subject to the influence of China."

The Coven tattoo studio owner is Angel Mae Glutz, who works in both fine art and tattooing. Most of Glutz's business is promoted on social media platforms, including TikTok. This has helped bring in clients from all over the world and promote her business. 

The ongoing battle on Capitol Hill between China-based TikTok and Congress may end up being a distraction for entrepreneurs like Glutz who rely on social media to market their businesses. Earlier this year, the White House banned TikTok's use on government devices and lawmakers are now considering legislation that would limit foreign adversaries' use of communication platforms and technology. 

Recently, many U.S. allies have expressed concerns about the video-sharing platform, most recently warning their staff to delete the app from their phones after the app caused an uproar among European Union institutions. In the Netherlands, a decision to follow the lead taken by Germany and Canada is being considered.

According to CEO Shou Chew on Tuesday, TikTok now has 150 million monthly active users in the United States, which is a huge increase over the 40 million that the platform had earlier this year, while new calls are being made for its banning in the country. 

Generally speaking, TikTok poses a very low risk to national security, and it does so only insofar as the Chinese government can exercise influence over the app or its parent company, which is not under its control. Under Chinese national security law, companies within its jurisdiction must comply with a wide variety of security activities. This is a serious issue since the public has little or no means to verify that leverage has been used in the way it has been described in the public domain.

A violent border clash between India and China in 2020 caused a TikTok ban in India which in turn caused over 200 million TikTok users to be abruptly disconnected. Following the ban, TikTok has not returned to India. 

The United States, Canada, and the United Kingdom, among others, have recently enacted laws restraining TikTok use on official, government devices. However, they did not ban the app on personal devices. Last year, TikTok was found guilty of a massive data scandal. It was revealed that several employees accessed users' data, including journalists, as part of TikTok's effort to combat leaks in the media and crack down on them. 

These employees were terminated from the company according to the statement. There has been a sharp rise in the number of laws proposed by the U.S. to ban TikTok from the country completely. Other lawmakers have proposed mandating that ByteDance sell the video-sharing platform or ban the app completely.

Supply Chain Attack Targets 3CX App: What You Need to Know

A recently discovered supply chain attack has targeted the 3CX desktop app, compromising the security of thousands of users. According to reports, the attackers exploited a 10-year-old Windows bug that had an opt-in fix to gain access to the 3CX software.

The attack was first reported by Bleeping Computer, which noted that the malware had been distributed through an update to the 3CX app. The malware allowed the attackers to steal sensitive data and execute arbitrary code on the affected systems.

As The Hacker News reported, the attack was highly targeted, with the attackers seeking to compromise specific organizations. The attack has been linked to the APT27 group, which is believed to have links to the Chinese government.

The 3CX app is widely used by businesses and organizations for VoIP communication, and the attack has raised concerns about the security of supply chains. As a TechTarget article pointed out, "Supply chain attacks have become a go-to tactic for cybercriminals seeking to gain access to highly secured environments."

The attack on the 3CX app serves as a reminder of the importance of supply chain security. As cybersecurity expert Dr. Kevin Curran noted, "Organizations must vet their suppliers and ensure that they are following secure coding practices."

The incident also highlights the importance of patch management, as the 10-year-old Windows bug exploited by the attackers had an opt-in fix. In this regard, Dr. Curran emphasized, "Organizations must ensure that all software and systems are regularly updated and patched to prevent known vulnerabilities from being exploited."

The supply chain attack on the 3CX app, in conclusion, serves as a clear reminder of the importance of strong supply chain security and efficient patch management. Organizations must be cautious and take preventive action to safeguard their systems and data as the possibility of supply chain assaults increases.

What Are Some Big Cyber-Security Fears Concerning TikTok?


China claims that the US has inflated national security concerns over TikTok in an effort to suppress the Chinese startup. Due to concerns over cyber-security, US federal entities have been asked to remove the Chinese app from all staff devices within 30 days. Canada and the EU have taken similar actions, and some politicians have called for nationwide bans. 

TikTok executives, who successfully escaped having their popular app banned in the US by then-president Donald Trump in 2020, had to deal with a barrage of inquiries every day about the dangers TikTok presented to cyber security. The topic was largely put to rest in 2021 when President Joe Biden overturned Trump's proposal due to various complicated legal challenges. 

One could almost hear a sigh of relief from both TikTok and the millions of influencers who rely on the social media app to make a career. 

But now, in an ironic nod to the video app's recognizable looping style, we have come full circle. With the stakes even higher now. 

Nearly three years prior to Trump's planned ban, TikTok had been downloaded 800 million times worldwide. As of now, 3.5 billion people have downloaded it, according to app analytics company Sensor Tower. 

With a rise in geopolitical strain between China and Western countries, it is clear that the future of TikTok is more at risk than ever.

We are listing some of the prime cyber-security concerns pertaining to TikTok that are continually raised, and how the company addresses them: 

1. TikTok Collects an ‘Excessive’ Amount of Data 

TikTok's critics frequently claim that it collects vast amounts of data. A July 2022 cyber-security assessment from Internet 2.0, an Australian cyber business, is commonly cited as proof.

Researchers examined the source code of the app and found evidence of "excessive data harvesting" within it. According to analysts, TikTok gathers information about users' locations, the devices they are using, and the other apps they have installed.

However, a similar test conducted by Citizen Lab concluded that "in comparison to other popular social media platforms, TikTok collects similar types of data to track user behavior."

Likewise, a report by the Georgia Institute of Technology in January states "The key fact here is that most other social media and mobile apps do the same things." 

2. TikTok Could be Used as a ‘Brain-washing’ Tool 

TikTok's spokeswoman said: "Our community guidelines prohibit misinformation that could cause harm to our community or the larger public, which includes engaging in co-ordinated inauthentic behavior." 

In November 2022, FBI Director Christopher Wray told the US lawmakers: "The Chinese government could… control the recommendation algorithm, which could be used for influence operations." 

Douyin, a sibling app to TikTok that is exclusively available in China, is heavily censored and purportedly designed to encourage the viral spread of positive and wholesome content, which adds fuel to those worries. 

In fact, all social networking sites in China are closely monitored by an army of internet police, who apparently take down content that criticizes the government or instigates political unrest. 

As TikTok gained popularity, there were high-profile instances of censorship on the app. For example, a user in the US had her account suspended for denouncing Beijing's treatment of Muslims in Xinjiang; following a ferocious public outcry, TikTok issued an apology and restored the account. 

Since then, there have not been many instances of censorship, aside from the contentious moderation choices that all platforms must make. 

However, when comparing TikTok and Douyin, Citizen Lab researchers concluded that the latter does not comprise any political censorship.

The Georgia Institute of Technology analysts also looked for jokes about Chinese Premier Xi Jinping and issues like Taiwan's independence. They came to the following conclusion: "Videos in all of these categories can easily be found on TikTok. Many are popular and widely shared."

Theoretical Risk 

Hence comes the entire picture of theoretical fears and risk. 

Certain critics deem TikTok as a “Trojan horse,” meaning although it may look harmless, it could potentially be utilized as a powerful weapon in times of conflict. 

The app is already banned in India, in an initiative taken against the app and dozens of other Chinese platforms in the year 2020. 

Nonetheless, a US ban on TikTok might have a significant effect on the site since allies of the US frequently support such measures. 

Moreover, it is worth mentioning that risks are a one-way street. Due to the long-standing restriction on access for Chinese individuals, China need not be concerned about US apps.  

Alibaba Cloud Punished for Not Sharing Log4j Vulnerability First with the Government

 

China’s Ministry of Industry and Information Technology (MIIT) has suspended its collaboration with Alibaba Cloud for six months to mark its protest after the company failed to inform the government regarding the discovery of the Log4Shell vulnerability.

Chen Zhaojun of Alibaba Cloud security discovered the critical flaw in the open-source software tool and reported it to the Apache Software Foundation (ASF), the developer of Log4j, on November 24. But MIIT, China’s leading internet regulator, only became aware of the bug 15 days later on Dec. 9 via a cybersecurity report, likely not submitted by Alibaba.

Tracked as CVE-2021-44228, the vulnerability can be abused to gain full control over susceptible systems, and it has been exploited by both attackers and state-sponsored threat groups, likely even before an official patch was released on December 6.

According to the Chinese outlet, the 21st Century Herald, Chinese authorities were displeased with the fact that they were not informed first about the Log4j vulnerability. As a punishment, the MIIT, which has been operating a threat intelligence sharing platform since late 2019, said it would suspend its partnership with Alibaba Cloud for six months, after which it will reassess the firm’s corrective measures and suitability. 

"Recently, after discovering serious security vulnerabilities in the Apache Log4j2 component, Alibaba Cloud failed to report to the telecommunications authorities in a timely manner and did not effectively support the Ministry of Industry and Information Technology to carry out cyber security threats and vulnerability management," the local media report said. 

A law passed this year in China makes it mandatory for all companies to report vulnerabilities to state regulators within two days. While security flaws can be revealed to the affected vendor, they cannot be sold or passed on to third parties outside of China. Additionally, the Cyberspace Administration of China disclosed a new set of laws that reclassified data and presented multiple sets of fines for violations of cybersecurity policy.

Earlier this year, Alibaba was hit with a record antitrust fine of 18.2 billion yuan, for violating government monopoly regulations. The Chinese State Administration described the firm’s behavior as having “eliminated and restricted competition in the online retail platform service market” as well as having “infringed on the business of the merchants on the platform.”