For more than a decade, the US military and intelligence community has quietly warned that the world's largest telecom equipment manufacturer, Huawei, is an arm of the People's Liberation Army and that its phones, circuits and routers are instruments of Chinese eavesdropping.
Now these agencies are starting a formal review, led by the FBI and the NSA, examining the national security implications of Huawei's potential participation in building the US 5G wireless network, according to current and former US intelligence officials. These officials told that while the two largest US telecom providers have yet to join up with Huawei on this project, the prospect of such a partnership is real and alarming.Read more
A 470 gigabits per second distributed denial of service attack on an unnamed gambling website has been described as one of the largest and most complex assaults to date. The perpetrators' multi-vector approach reached a packet-per-second peak of 110 million, although the assault was quickly mitigated by a security firm.
The attack reportedly lasted just over four hours on 14 June and was notable not only for the strength of the assault, but also the multi-vector approach that mixed "nine different payload types". The security firm claims that only 0.2% of DDoS attacks from the first quarter of 2016 were multi-vector.Read more
An Android Trojan dubbed Hummer has infected millions of smartphones and experts believe the malware could have helped cybercriminals make a significant amount of money.
Security researchers at China-based Cheetah Mobile have been monitoring the malware family since August 2014, but the number of infections was insignificant until mid-2015. Infections have risen even more in 2016, with a daily average of 1.4 million affected devices. Data collected by the Chinese company shows that Hummer has become the Android Trojan with the highest number of infections in the world.Read more
Apple products are coming under increased scrutiny in China as the state is starting to ask more questions about the company's products.
The Chinese government has reportedly started to increase the number of reviews it carries out into products being sold in the country. These investigations, which target other companies as well as Apple, look into the capability of electronic devices sold in the country, and examine things like encryption and data storage. The uptick in the number of reviews by the Chinese government will be a worry for Apple as the company is trying to ensure that it has a working relationship with the state.Read more
Thousands of apps running code built by Chinese Internet giant Baidu have collected and transmitted users' personal information to the company, much of it easily intercepted, researchers say. The apps have been downloaded hundreds of millions of times.
The researchers at Canada-based Citizen Lab said they found the problems in an Android software development kit developed by Baidu. These affected Baidu's mobile browser and apps developed by Baidu and other firms using the same kit. Baidu's Windows browser was also affected, they said. The same researchers last year highlighted similar problems with unsecured personal data in Alibaba's UC Browser.Read more
Hackers in China attempted to access over 20 million active accounts on Alibaba Group Holding Ltd's Taobao e-commerce website using Alibaba's own cloud computing service, according to a state media report posted on the Internet regulator's website.
Analysts said the report from The Paper led to the price of Alibaba's U.S.-listed shares falling as much as 3.7 percent in late Wednesday trade. An Alibaba spokesman on Thursday said the company detected the attack in "the first instance", reminded users to change passwords, and worked closely with the police investigation. Chinese companies are grappling a sharp rise in the number of cyber attacks.Read more
VTech, a Chinese company that makes popular electronic toys for kids, had its app store hacked. An "unauthorized party" accessed customer information in a database for VTech's Learning Lodge app store. The app store lets parents download apps, games, e-books and educational content to VTech toys.
The database contains customer data including name, email address, password, IP address, mailing address and download history. VTech has not said how many customers were affected, but experts said information on nearly 5 million parents and more than 200,000 kids was exposed. The hacked data included kids' first name, gender and birthday.Read more
The United States should think about allowing US companies to "hack back" if data is stolen by Chinese hackers. Data lost in such attacks could be recovered or wiped, suggests a new report from the US-China Economic and Security Review Commission.
It says lost sales and fixing hacking damage have cost US firms tens of billions of dollars, with trade secrets being given to Chinese companies. The commission is typically very critical of the Chinese government. The report, which is due to be released on Wednesday, describes the American response to hacking attacks on domestic firms as "inadequate" and says the US is "ill-prepared" to defend itself from cyber-espionage.Read more
A software development kit created by Chinese Internet services company Baidu and used by thousands of Android applications contains a feature that gives attackers backdoor-like access to users' devices.
The SDK is called Moplus and while it's not open to the public, it was integrated in more than 14,000 apps, of which only around 4,000 were created by Baidu, security researchers said. The company estimates that the affected apps are used by over 100 million users. According to Trend Micro's analysis, the Moplus SDK opens an HTTP server on devices where affected apps are installed; the server doesn't use authentication and accepts requests from anyone on the Internet.Read more
Android applications built using the Taomike SDK, one of the largest mobile advertisement solution platforms in China, have been found to include SMS theft functionality. The Taomike SDK has been used in over 63,000 Android apps, but only around 18,000 of them have been observed to exhibit the message stealing functionality.
The security firm also notes that these applications have been grabbing copies of all messages sent to infected devices since August 1. The applications are being distributed through third-party mechanisms in China and are not available in the Google Play store, and all of them include specific library that enables the malicious behavior.Read more