China is aggressively seeking to dominate the Internet of Things and plans to use access to billions of networked electronic devices for intelligence-gathering, sabotage, and business purposes, according to a forthcoming congressional report.
China for nearly a decade has been investing heavily in the emerging technology on the Internet of Things (IoT) and has made outpacing similar U.S. efforts one of the ruling Communist Party of China’s highest strategic goals.
“China’s unique approach to the development of IoT and its enabling infrastructure poses significant challenges for U.S. economic and national security interests,” says a report by the U.S.-China Economic and Security Review Commission due out Thursday.
“The highest echelons of the Chinese regime view IoT development and deployment as critical matters of China’s economic competitiveness and national security.”
A major concern outlined in the report is China’s efforts to uncover vulnerabilities in IoT systems that can be used by Beijing for strategic objectives in both peacetime and war, the report said.
“Aside from industrial control systems, unauthorized access to health care devices could kill patients and exploitation of smart car vulnerabilities could kill drivers and pedestrians alike, among other examples of possible misuse of data and devices that could have dire consequences,” the report warns.
“The future destructive potential of unauthorized access to IoT devices appears potentially limitless.”
The IoT is an ill-defined term for a global information and communication infrastructure. It is made up of linked devices ranging from biomedical devices for monitoring patients to self-driving cars to critical infrastructure.
The universe of IoT devices includes billions of electronic systems such as, video cameras, smart phones and smart watches, and industrial control systems used in electric grids.
Chinese IoT objectives include building “smart cities” that monitor public utilities, flows of people and traffic, underground pipelines, and air and water quality, the report said.
Other Chinese IoT plans include advanced remote industrial controls; medical IoTs; smart homes equipped with remote controls for appliances and security systems; and smart cars linking vehicle sensors to drivers, roads, cloud services, and other electronic devices.
The IoT is expanding rapidly and will be further enhanced with emerging advanced information technologies, such 5G cellular technology.
Use of 5G networks will increase the ability of networked devices to interact through faster data transfer speeds.
China, according to the report, is working on major programs to find vulnerabilities in IoT technology ostensibly for cyber security.
However, the report suggests the research is cover for plans to conduct for cyber espionage, sabotage, and military cyber reconnaissance using the Internet of Things.
One example of an IoT cyber attack took place in 2016 when the malware known as the Mirai botnet infiltrated thousands of linked devices by scanning the Internet for video cameras—most made in China—and DVRs that were not protected and easily accessed by using default passwords such as “password.”
Mirai “commandeered some one hundred thousand of these devices, and used them to carry out a distributed denial of service (DDoS) attack against DynDNS that shut down many popular websites,” the report said.
A second botnet called IoTroop targeted several brands of Chinese-made Internet Protocol cameras in late 2017.
A Chinese case discovered in 2016 by security researchers revealed that firmware update software made by the Shanghai ADUPS Technology Co. Ltd. was secretly siphoning off private data and sending it to China.
“ADUPS’s firmware update software is currently in use on more than 700 million low-end mobile phones and IoT devices around the globe, including devices in the United States,” the report said.
Chinese IoT researchers also are preparing to use cyber attacks against the “Internet of Underwater Things” that has applications for submarine warfare.
“The imperfect availability of enemy location information in underwater warfare offers a strategic advantage to any nation with advanced underwater sensor technology, and compromised IoT devices and sensor networks operating underwater at a variety of depths could nullify any such advantage,” the report said.
China also is preparing to use the IoT for intelligence gathering and network reconnaissance—the first step in cyber war.
“Personnel from several of the PLA’s signals intelligence units have published multiple articles on IoT security-related topics, suggesting that these units have likely already exploited device vulnerabilities for these ends,” the report said.
The Chinese military’s cyber and computer attack force has written journal articles discussing the use of “emissions from IoT devices as possible avenues for side-channel attacks and listing location tracking features and internet connections as other weak points for exploitation,” the report said.
“The PLA’s operational cyber warfare units have also previously shown direct interest in exploiting IoT security vulnerabilities for offensive information warfare,” the report said, such as IoT data collection and cellphone-transmitted viruses.
A PLA electronic warfare report said smart cars are very vulnerable to attack and unauthorized access through their internal car wireless sensor networks, car-mounted controller area network buses, car-mounted local area networking, car software applications, car-mounted onboard diagnostic systems, and smart tire-pressure monitoring systems.
China is also using the IoT to boost its mass internal security surveillance capabilities to control the Chinese people, the report said.