The U.S. Department of Homeland Security (DHS) has reportedly issued a bulletin warning that internet-connected cameras manufactured in China could potentially be exploited for espionage targeting the nation’s critical infrastructure installations. According to the bulletin, these cameras usually lack data encryption and secure configuration settings, leaving them vulnerable to cyber threats. Additionally, the cameras are designed to communicate with their manufacturers by default, raising concerns about unauthorized data access and surveillance.
The bulletin highlighted that tens of thousands of such Chinese-made cameras are currently deployed across networks within critical U.S. infrastructure sectors, including energy and chemical industries. This widespread use underscores the potential risks to national security, as these devices could serve as entry points for malicious actors seeking to compromise sensitive systems or gather intelligence.
“A cyber actor could leverage cameras placed on IT networks for initial access and pivot to other devices to exfiltrate sensitive process data that an actor could use for attack planning or disrupting business systems,” the bulletin said. “A cyber actor could use cameras placed on safety systems to suppress alarms, trigger false alarms, or pivot to disable fail-safe mechanisms.”
So far, China has successfully kept U.S. regulators from blocking the use of internet-connected cameras made in China through the use of a practice known as ‘white labeling,’ where the cameras are imported after they’re packaged and sold by another company, according to the bulletin.
“Broader dissemination of tools designed to help recognize PRC cameras, particularly white-labeled cameras, could tighten enforcement of the 2022 Federal Communication Commission (FCC) ban on the import of these cameras and help mitigate the threat of PRC cyber actors exploiting them for malicious purposes,” the bulletin said.
The DHS document noted that an estimated 12,000 Chinese-made internet-connected cameras were in use at hundreds of critical U.S. infrastructure entities as of early 2024.
The number of cameras installed in U.S. networks is estimated to have grown by up to 40 percent from 2023 to 2024, despite the FCC ban on their import, likely due to white labeling, the bulletin said.
Furthermore, the bulletin added that Chinese state-sponsored cyber actors have ‘extensively targeted’ vulnerabilities of Chinese-made cameras since at least 2020.
The DHS bulletin comes amid growing national security concerns surrounding Chinese technology.
Cybersecurity concerns are compounded by a history of cyber threats posed by state-sponsored actors from the People’s Republic of China (PRC), who have previously targeted U.S. critical infrastructure and communication networks. Since September, hackers associated with the Chinese government have infiltrated several U.S. internet service providers (ISPs) to obtain sensitive information. This marks the latest breach of key U.S. infrastructure by groups connected to Beijing. In a hacking operation dubbed ‘Salt Typhoon’ by investigators, these cyber attackers, allegedly linked to China, penetrated America’s broadband networks.
Last December, the FBI (Federal Bureau of Investigation) published a Private Industry Notification (PIN) to spotlight HiatusRAT scanning campaigns targeting Chinese-branded web cameras and DVRs (digital video recorders). HiatusRAT, a Remote Access Trojan (RAT), has likely been active since July 2022. Cybercriminals use RATs to remotely take over and control targeted devices.
Initially, the Hiatus campaign focused on outdated network edge devices. Cybersecurity companies also observed hackers using the malware to target a range of Taiwan-based organizations and to carry out reconnaissance against a U.S. government server used for submitting and retrieving defense contract proposals.