Research shows that devices banned by US government lack basic security practices

August 02, 2019

As the August 13 deadline looms for the US ban on Chinese surveillance cameras, the news cycle is re-engaged with the issue. The panic about banned cameras still being in operation shines a spotlight on both the severity of the issue and the dire need to find a solution.

Through our research, based on tens of millions of embedded device binaries, it’s clear that the banned devices lack basic security building blocks and consequently expose users to the security threats that are alleged by the US.

One may ask – are the banned Chinese devices the only vulnerable devices in the field? The answer is surely no. Many devices from various countries also lack a proper security state, however, they were not banned for use by the US government – for example, D-Link camera, Amazon Ring, LG Hom-Bot, Cisco routers, and many more.

As part of deep research conducted by our security team, a few well-known vendors which are widely used were found vulnerable –  Synology, and many more which cannot be mentioned yet, as Vdoo adheres to a responsible disclosure process.

However, the banned Chinese devices have some security issues of the highest severity that could potentially cause significant damage.

Our latest updates