Tensions between the U.S. and China may be on the rise again with Chinese Foreign Ministry spokesman Zhao Lijian accusing the U.S. of originating and planting the COVID-19 coronavirus within the Asian superpower. Trump officials continue to emphasize the disease’s apparent Chinese genesis. Whether Zhao's words will be treated as those of a rogue official or the matter will shape up into a full-blown feud remains unknown, but it is not the only thorn in the side of diplomatic relations between the two nations.
Trump Signs 5G National Security Law
On March 13, President Trump signed legislation that bans federal money from being used to buy tech equipment or services from sources judged to be a “national security risk.”
The law effectively prohibits government use of Chinese firms Huawei and ZTE Corp., which the Federal Communications Commission (FCC) has listed as security risks. The Trump administration has already rejected Huawei as a vendor due to the company’s alleged ties to the Chinese government, and recently expressed displeasure at allies agreeing to work with the tech provider.
The Secure and Trusted Communications Networks Act had a smooth ride through Congress, receiving unanimous approval. The law:
Requires the FCC to keep a running list of tech providers deemed national security risks.
Instructs the government to track what’s going on in communication supply chains.
Compels telecom companies to submit annual reports to the FCC on providers that could pose national security risks.
Mandates the FCC to develop a reimbursement program to aid smaller companies with the financial burden of removing affected equipment that has already been installed and replacing it with alternatives deemed safer.
Prohibits FCC funds from being used to purchase, maintain, lease, or rent relevant equipment or services.
A White House statement highlighted that the legislation was part of a strategy to protect the nation’s transition to 5G networks from “actors who are potentially influenced by foreign entities.” It added, “These reforms will help protect our Nation’s vital communications network and also ensures the United States reaches its 5G potential.”
Senate Hopes to Boost Huawei Sanctions
Lawmakers don't seem to think this goes far enough, however, and some are working to make sure Huawei is "excluded from the global marketplace." On March 12, senators introduced a bipartisan bill to block U.S. banks from significant transactions with 5G telecom companies suspected of industrial espionage – directly targeting Huawei. The law would also restrict U.S. or foreign companies from working with Huawei.
The NETWORKS Act asks the U.S. Treasury Department to add suspected 5G providers to its Specially Designated Nationals (SDN) List, which “effectively freezes them from accessing the U.S. financial system.”
Senator Tom Cotton (R-AR) commented, "It's time to sanction Huawei. For years, this arm of the Chinese Communist Party has stolen American intellectual property and violated U.S. sanctions with impunity. This legislation would cut Huawei off from the U.S. financial system, relegating it to pariah status alongside Russian oligarchs, Iranian terrorists, and Mexican drug cartels."
“We're nearing a decisive point for global 5G networks and we need to leverage every tool in our arsenal to protect a diverse telecommunications supply chain and stop the Chinese Communist Party's bid to monopolize global networks,” added Representative Mike Gallagher (R-WI).
TikTok Ban on the Horizon
Huawei isn’t the only Chinese company being targeted by Congress right now. Senators Josh Hawley (R-MO) and Rick Scott (R-FL) introduced a bill to prevent federal employees from downloading or using TikTok on government-issued devices. The video-sharing social media platform has been named and shamed for the same reason as Huawei: It is Chinese-owned. The No TikTok on Government Devices Act follows similar bans by the State Department, Department of Homeland Security, Department of Defense, and TSA, which have moved to restrict the app.
Hawley, who is also behind last November’s National Security and Personal Data Protection Act, which aims to prevent U.S. data being shared with China, or stored there, said:
"TikTok is owned by a Chinese company that includes Chinese Communist Party members on its board, and it is required by law to share user data with Beijing. The company even admitted it collects user data while their app is running in the background – including the messages people send, pictures they share, their keystrokes and location data, you name it. As many of our federal agencies have already recognized, TikTok is a major security risk to the United States, and it has no place on government devices.”
Hawley himself is not exactly trusting of the Chinese government in general, claiming on Twitter that “Beijing, after lying to its own people & the world about #COVID19, is now trying to use the global pandemic it unleashed to its own advantage.”
Keeping Your Devices Secure in 2020
Libertarian presidential candidate John McAfee sold his eponymous anti-virus software company to Intel in 2011, and the firm recently released its Mobile Threat Report 2020. According to the research, “2020 is looking like the year of sneak mobile attacks,” with malware becoming less easy to spot. Raj Samani, chief scientist and McAfee fellow for cybersecurity, suggests that hidden apps are the most active security threat on mobile devices, with 2019 showing a 30% increase from 2018.
According to the report, these hidden apps can gain access to a phone’s functions by alerting the user with fake security notifications. They may also pose as legitimate apps. Some may not show any visible evidence of their presence, once downloaded, with no icon or shortcut. In contrast, others may masquerade by displaying icons that look similar to genuine apps.
Turning people’s phones into “click farms” to generate fake ad revenue appears to be the modus operandi going into this year. “Criminals are tricking users into installing adware on their devices that redirects them to a range of different ad types and topics. Built-in intervals and event triggers control the frequency of the ad redirects, so that many users will not realize that their device is infected,” states the report. “With the exception of nation-state attacks, most mobile cybercriminals seem to want the quickest and easiest path to money. After trying several different ways of monetizing their efforts over the last few years, click fraud, fake reviews, and malvertising appear to be the easy money.”
The company also discovered Daegu Bus – not an app in itself, but a piece of malware that piggybacked on four genuine South Korean bus timetable apps - that obtains user’s Google account data. It then uses the data to scan the device for sensitive military and political keywords. One can only guess who would be interested in such information or what it would be used to achieve.
“Mobile devices hold the key to our lives — both corporate and personal. Unfortunately, they are also amongst the easiest attack vectors for cybercriminals because consumer awareness levels towards security of their devices and apps is low,” said Venkat Krishnapur, vice-president of engineering and managing director of McAfee India. So, what can users do to avoid such security breaches?
This report advises that users:
Stay on known app stores rather than downloading them on social media, from ads, or unofficial app sources.
Briefly research the source and developer of an app you are considering downloading.
Critically read reviews – repetition of simple phrases may indicate fake reviews.
Use current security and ID monitoring software (unsurprising advice considering the source of the report)
That’s all for this week from Tech Tyranny. Check back next week to find out what’s happening in the digital realm and how it impacts you.
~
Read more from Laura Valkovic.
