South Korea’s military has been forced to remove over 1,300 surveillance cameras from its bases after learning that they could be used to transmit signals to China, South Korean news agency Yonhap reported.

The cameras, which were supplied by a South Korean company, “were found to be designed to be able to transmit recorded footage externally by connecting to a specific Chinese server,” the outlet reported an unnamed military official as saying.

Korean intelligence agencies discovered the cameras’ Chinese origins in July during an examination of military equipment, the outlet said.

    • BruceTwarzen@lemm.ee
      link
      fedilink
      English
      arrow-up
      21
      ·
      2 months ago

      Like every military operation, the job always goes to the lowest bidder, that is still overpriced, because it’s just tax money. That’s what always cracks me up about stuff that is marketed as military grade.

    • febra@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      ·
      edit-2
      2 months ago

      Capitalism. They just bought the cheapest reliable enough option they could find and didn’t give two craps about infosec, because that’s too expensive to actually properly do. Minimize the financial losses of an upfront purchase. (I worked more than enough jobs in hardware design to know what management cares about and what it doesn’t)

      Also, big yikes for the Israel flag in your username.

    • Agent641@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      edit-2
      2 months ago

      Suppliers lie.

      I know a guy who is the sole reason that software written by <adversary> isnt being currently used in <host countries most top secret defense environment>. His boss told him to lie if asked, and he refused to and informed <end user>.

    • interurbain1er@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      2 months ago

      I remember when, I think, Sony was hacked because of the movie « the interview ». It created enough of a news cycle shitstorm that our corporate overlords became excessively generous with our infosec budget and made it a tier 1 priority.

      It went for measly .5% to a whooping 25% of IT expenditure.

      On the other hand to really show they didn’t understand anything about it they recruited an experienced CISO and fired him a month later because an accountant’s workstation was hit by a ransomware. The guy barely had the time to start building a plan and launch a bunch of audit but still got the full blame for decades of neglects. (He eventually sued them and settled).

  • fluxion@lemmy.world
    link
    fedilink
    English
    arrow-up
    27
    arrow-down
    1
    ·
    2 months ago

    China is the only country that gives you lifetime free cloud storage for your devices

  • Pringles@lemm.ee
    link
    fedilink
    English
    arrow-up
    23
    ·
    2 months ago

    Stuff like this is why I have to tell our Chinese CFO why we don’t want Huawei network devices. Yes Jeff, I know they are cheap as shit, you cheapskate, but you don’t put the cheapest solution in place to run your critical systems on!

    • UnderpantsWeevil@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      7
      ·
      2 months ago

      Yes Jeff, I know they are cheap as shit, you cheapskate

      Remind me again why you’d want an Apple (made in China) or OnePlus (made in China) or any of the other 70% of all cell phones available in the US? Are you just a big fan of paying extra for the same technology?

      Or are you more wedded to phones made in Malaysia, India, or Vietnam for some peculiar reason?

      you don’t put the cheapest solution in place

      No shortage of high end Huawei models. They’ve been competitive with Samsung for nearly a decade.

  • HappyTimeHarry@lemm.ee
    link
    fedilink
    English
    arrow-up
    7
    ·
    2 months ago

    If they found out it goes to a specific server, why not just block the server and maybe isolate the network from the internet? I guess its easier to replace them but what’s to say the replacements can’t have the same flaw if other precautions aren’t in place, like how do you even get to installing cameras on military bases without thoroughly vetting the firmware on them fist?

    • CosmicTurtle0@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      20
      arrow-down
      1
      ·
      2 months ago

      This is just bad spy craft. You don’t tell the person who bugged you that you found their bug. You mess with their head by setting up false flags.

      Like have maps of China and what look like troop movements.

      Or details about tank man.

    • I wonder if this was the case. From the bloomberg article,

      “No data has actually been leaked,” they added.

      And from Yonhap,

      found to be designed to be able to transmit recorded footage externally

      So maybe they were designed that way, but it didn’t work because the cam network was offline?

      Keep in mind that this was on the border with North Korea, so, they’d (the South Korean military) have a very high level of paranoia on being hacked to begin with.

  • Wispy2891@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    8
    ·
    2 months ago

    So if they purchased Ring cameras that are feeding everything to American AWS servers it would be ok?

    Seems stupid that in a military install they’re using cloud shit

    • tal@lemmy.today
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      2 months ago

      Well, they did remove it when they found out. But…

      Look. I’m looking at a Thinkpad. Lenovo owns that line now. I dunno if they can push firmware updates to old, pre-Lenovo models, but they can to current versions. Those things are pretty common in a business setting. AFAIK, the US has never raised any issues with Lenovo and security a la Huawei. But if there was an honest-to-God, knock-down, drag-out war, I assume that Beijing is gonna see whether it can leverage anything like that. And I’ve got, what…a microphone? A camera? Network access? Maybe interesting credentials or other things in memory or on my drive? I mean, there are probably things that you could do with that.

      Then think of all the personal phones that military people have. Microphone. Camera. Network access and radio. Big fat firmware layer.

      My guess is that if you did a really serious audit of even pretty secure environments, you’d find a lot of stuff floating around that’s potentially exploitable, just due to firmware updates. If you exclude firmware updates, then you’re vulnerable to holes that haven’t been patched.

      Okay, maybe, for some countries, you can use all domestic manufacturers. I don’t think that South Korea could do that. Maybe the US or China could. But even there, I bet that there are supply chain attacks. I was reading a while back about some guy selling counterfeit Cisco hardware. He set up a bunch of bogus vendors on Amazon. His stuff got into even distribution channels with authorized Cisco partners, made it into US military networks.

      https://arstechnica.com/information-technology/2024/05/counterfeit-cisco-gear-ended-up-in-us-military-bases-used-in-combat-operations/

      Counterfeit Cisco gear ended up in US military bases, used in combat operations

      That guy was just trying to make a buck, though I dunno if I’d have trusted his products. But you gotta figure that if that could have happened, there’s room for intelligence agencies to make moves in that space. And that’s the US, which I bet is probably the country most-able to avoid that. Imagine if you’re a much smaller country, need to pull product from somewhere abroad.

      • pycorax@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        2 months ago

        Look. I’m looking at a Thinkpad. Lenovo owns that line now. I dunno if they can push firmware updates to old, pre-Lenovo models, but they can to current versions.

        China aside, Lenovo has lost all semblance of trust after the whole Superfish debacle. Sure it’s been more than a decade now but their response to that and the fact that it was even approved internally calls a lot into question. I wouldn’t dare go near any of their devices.