Each year, established technology companies roll out new deals, promotions and offerings on Black Friday and Cyber Monday. Advertisements for these products will highlight their affordability, performance and practicality. They will also ignore their vulnerabilities and threats to consumer privacy. Huawei phones, Lenovo laptops, Lexmark printers and GoPro cameras are four examples of products whose flaws must be known by consumers in the west before they consider buying them this holiday season.
The commonality among these products is documented security vulnerabilities and “backdoors.” Backdoors are methods of bypassing security measures to access computer systems and encrypted data. They make it possible for third parties to retrieve information on their users. Products with backdoors allow a person or company to illegally view your sensitive information, such as banking or medical records.
1. Huawei Mate 30 Smartphone
In September, Huawei unveiled its Mate 30 smartphone, which is already being sold in Chinese markets and expected to be released into European markets later this month. The U.S. already bans most Huawei products, with good reason.
The cybersecurity research firm Finite State released a report earlier this year stating that 55% of Huawei equipment contained at least one backdoor access point. Due to Huawei’s lack of safeguards, last year Congress banned federal agencies from using Huawei equipment. This year, additional steps were taken to prevent private businesses from doing business with Huawei. Consumers must exercise the same level of caution about Huawei phones or other applications.
2. Lenovo Ideapad Laptop
Lenovo is a company whose products deserve the kind of scrutiny received by Huawei. Among the deals Lenovo plans to offer this month is a $99 laptop, the Lenovo Ideapad 130S. Despite its ubiquity in homes and offices throughout America, Lenovo products have consistently failed to protect consumer privacy.
This history includes the installation of “Superfish” spyware on laptops that tracked the online movements of users without their knowledge. The egregious privacy violation affected hundreds of thousands of people and resulted in a multimillion dollar settlement with the Federal Trade Commission in 2017.
More recently, Lenovo’s fingerprint scanner software was found to potentially expose login credentials and fingerprints, making such data vulnerable to cyber attacks. The U.S. Navy, Department of Homeland Security, State Department and Joint Chiefs of Staff have warned against the use of Lenovo products. Consumers should consider other options as well.
3. Lexmark Printers
Lexmark printers are a staple in many workplaces throughout America. However, the company has a documented pattern of lax cybersecurity. The National Vulnerability Database lists 20 cyber vulnerabilities for various Lexmark printers, such as saving and transmitting network access credentials in plain text and permitting the execution of malicious code on printers. These vulnerabilities could allow remote attackers to use a connected Lexmark printer to launch a denial of service attack on networks. Security researchers also identified how the printers often lack passwords, enabling people with access to the printers to add a backdoor, capture print jobs or take a printer offline.
4. GoPro Hero Cameras
GoPro will offer discounts on its Hero5, 6, 7 and 8 cameras this month. The company, primarily known for its cameras and drones, also produces a mobile app and video-editing software. Potential customers should know that the company was flagged in a government report, which stated “…the cameras have vulnerabilities that could allow a remote attacker access to the stored network credentials and live video streams. By exploiting these vulnerabilities, a malicious actor could view the video stream, start recording, or take pictures without the user’s knowledge.” Other news reports documented how hackers can take advantage of weak passwords to take control of cameras to shoot photos and videos.
Significantly, Huawei, Lenovo and Lexmark are Chinese-owned and closely aligned with the Chinese government. China’s National Intelligence Law compels Chinese companies to provide unmitigated intelligence to the government. So some companies with lax security safeguards enable personal data to fall into the hands not only of unauthorized third parties but also foreign adversaries.
Security is worth paying for. Holiday shoppers should be wary of sticker prices that fail to reflect the full costs of not protecting their personal information and privacy.
Roslyn Layton is co-founder of ChinaTechThreat.com and a visiting scholar at the American Enterprise Institute. Follow her on Twitter: @RoslynLayton.