The Chinese firm Tuya Inc. of Hangzhou is behind making most of the consumer products "smart". Unfortunately, this fact is known by few and carries potential dangers along with it.
As of 2020, Tuya's services cover more than 1100 categories such as agriculture and health care. Their items are sold in more than 220 nations and have in total 116.5 million smart devices.
It has worked with more than 5000 brands. Their tech has been incorporated into innumerable products. This includes the Dutch multinational- Phillips. Global retailers such as Amazon, Target and Walmart sell products that contain tech from Tuya.
Many cyber security experts are worried that about the lack of protection for consumer data collected by these devices. These are household items and are also widely used in health care and hospitals.
Experts are requesting US to ban Tuya from undertaking operations in the country. This is especially important as Chinese law requires companies to turn over any collected data requested by the government under the national security act.
These devices absolutely pose a security issue. China has been known to install backdoors in its tech. Recently Huawei had been caught red handed - it's equipment in Pakistan had several backdoors for surveillance.
In October of 2020, Republican senator Marco Rubio had introduced the APP act that would establish censorship and data protection standards that must be met by high risk foreign software such as Chinese. In the hindsight, he was absolutely right.
Tuya's tech is sinister. It's smart devices are actually connected to each other, hence building a huge interconnected network. This is called Internet of Things (IoT). Though this allows the devices to work with little or no human intervention, these connected devices generate loads of data that can be mined for harmful purposes. These devices hence raise both privacy and security concerns.
In the eyes of Cyber security experts, Tuya’s data collection is similar to that of Chinese telecom giant - Huawei and its 5G products as Tuya could siphon the massive data – including classified government data – which is shared on its networks, and make it available to the Chinese government.
In all probability, Tuya is funnelling the information picked up on home security cameras and connected health devices back to China.
The new Chinese data security law is an important concern.
That law states that Chinese firms and individuals must support, assist and cooperate with Chinese authorities on data concerning the national economy, national security and the public. The June 2021 law also forbids any company in China from providing any foreign law enforcement officials with data stored within China. Tuya is obliged to share data with the CCP under this act.
Tuya's defence is that data is stored on local regional servers and not on Chinese servers. It says the servers operate independently and are not connected to Chinese servers.
There's a need to regulate data flow.
Just to get an idea about what power Tuya holds - it can turn up everyone's thermostat to cause a power grid issue, it can access video cameras of its devices in real time or even recordings. There is no regulatory environment or protection against these in place. There should be concerns about those Chinese companies that have close ties to the CCP government.
In fact the concerns for the misuse of IOT should be more prominent than 5G related concerns. There are hundreds of millions of connected IoT devices in use today, some of which have personal information such as live video feeds or other data, that could be used for nefarious purposes.
Unfortunately, Chinese smart devices are, by now, embedded in the US market. In fact, every IoT device reviewed had a business connection to China and every product was found to be communicating with infrastructure in China, without permission.
Many security flaws were found in these devices. There is no current data as to how Tuya is using the collected information.
[The writer can be reached at [email protected]]
BDST: 1720 HRS, SEPT 1, 2021