Chinese chips infiltrate the kitchen

News by Tim Ring

An unconfirmed report from Russia suggests that imported Chinese kettles and irons contain rogue microchips that can send spam and malware according to Russian State TV, increasing the range of items that would need security clearance.

An unconfirmed report from Russia suggests that imported Chinese kettles and irons contain rogue microchips that can send spam and malware.

If true, the discovery would have implications for security professionals who would need to extend their oversight not just to mobile and process control devices, but also any electrical device within range of the company network.

The report, which appeared on Russian state-owned TV and was picked up by the BBC's Monitoring service, said that cyber criminals have hidden chips inside electric irons and kettles to launch spam attacks and malware.

According to the BBC: “Rossiya 24 showed footage of a technician opening up an iron included in a batch of Chinese imports to find a ‘spy chip' with what he called ‘a little microphone'. Its correspondent said the hidden devices were mostly being used to spread viruses, by connecting to any computer within a 200-metre radius which were using unprotected Wi-Fi networks.

“Other products found to have rogue components reportedly included mobile phones and car dashboard cameras.”

The report claims that hidden chips had been used to infiltrate company networks, sending out spam without administrators' knowledge.

Security specialist Richard Steinnon, chief research analyst at independent analyst firm IT-Harvest, told SC Magazine UK that, if confirmed, the discovery has significant implications for security pros.

“There's been a lot of talk about the danger of people embedding hardware but never been any evidence of it actually happening,” he said. “That is why the story is so exciting - chips from products made in China and they're doing really sophisticated stuff.”

He added: “Certainly it has opened up the envelope as to what you have to look for when you are doing a security audit. There could be a lot of things around us every day that are trying to attack us.”

Steinnon said chips could be planted in anything from mobile phones to forklift trucks and industrial equipment.

He believes the next step is to investigate the source of the microchips - the device manufacturer, an individual working there or a third-party in the supply chain.  “This could be a dry run for when this happens to significant networking gear. The Chinese authorities and leadership should be glad to work with us as it's really harmful to their national perception.”

Currently, the US and Australian Governments have banned Chinese telecoms giant Huawei from supplying equipment for critical national infrastructure projects because of the risk it includes ‘trap doors' that allow the user's network to be infiltrated.

Russia's Federal Protection Service (FSO), the Kremlin agency that protects state officials including the president and the prime minister, is clearly concerned about electronic surveillance and is reported by the Moscow News to have ordered 20 typewriters earlier this month at a cost of some £10,000 to avoid leaks and surveillance, according to documents published on the official site for the state procurement agency, Typewriters are still used for security reasons in Russia's Defence Ministry, the Emergencies Ministry, and the security services.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews