Recently, United States President Donald Trump has been calling for the sale of the Chinese application, TikTok to an American company or see its use banned in the U.S. The plan has come under considerable opposition from many Americans addicted to the app. However, Trump reiterated his threats citing “the potential for leakage of personal user information and the risk to national security” as the reasons for his decision. So how did it get to this point?
A backdoor is a system that allows remote access to computers, cryptographic systems, etc. without going through the normal authentication process. It is intentionally incorporated mainly in the design or development stage of products but may also be created by corrupting software transmitted through security holes in operating systems. The backdoor may be partially hidden in the program or can be fully hidden. Through it, someone can freely access the personal information of users or organizations. Tiktok has suffered from many backdoor privacy breaches leading governments worldwide to fear China’s backdoor access to the individual mobile phones of its users. In 2016, a backdoor was found in a Chinese made mobile phone produced by the company Huawei leading the US to encourage the international community to ban the use of Chinese applications and electronic goods produced by country.
|▲ The picture of WeChat, an application in China that has been embroiled in controversy over privacy violations. (Photo from China Focus)|
Research out of the U.S. Pentagon found evidence of collusion between China and Huawei, but said it would be difficult to find any planted backdoors by the manufacturer. As a result, LG's decision to adopt the use of components produced in China in its 5G network has been controversial.
However, the controversy concerning the use of Chinese planted backdoor technology is not restricted to the United States. The problem is worsening all around the world. In Korea, it was revealed that Samsung Electronics was using Chihu 360, a Chinese security company's program, for its storage management tools. This function was provided by Samsung Electronics as a basic component on their handsets and users could not delete or prevent it use. It was found that the program communicated with a Chinese server when cleaning up its cache.
While the United States is vocal about the problem of privacy, U.S. computer engineer Edward Snowden, who worked for the Central Intelligence Agency (CIA) and National Security Agency (NSA), raised suspicions regarding a PRISM program and that most Internet services, including Google, Facebook, Apple, Yahoo, and Skype, operated a backdoor program through their platforms. He claimed they contacted Linux and Windows to install this backdoor, and that a backdoor deal was also made with Rivest Shamir Adleman (RSA), another data security company. In addition, Zweites Deutsches Fernsehen (ZDF), a German public broadcaster, revealed that the CIA sold Swiss cryptographic equipment companies to governments in every country and collected confidential information for decades.
So why is China alone on blast, despite the global proliferation of backdoors? The answer is found in a Chinese law that allows its government to conduct spying legitimately. The National Information Act of China permits the monitoring of domestic individuals and organizations, but also foreign countries. According to the law, China's intelligence agencies are free to install eavesdropping devices or surveillance facilities in vehicles, communication equipment and buildings owned by individuals and organizations to collect information. This is not the only dangerous policy in China. In November 2018, the Internet Safety Supervision and Inspection Regulations came into effect as a new policy in China. According to the law, Chinese police can view and copy data without a warrant. So, the Chinese government’s unfettered ability to spy has become a reality.
When using Chinese applications, the terms and conditions clearly state "The Chinese government agrees to release information to the government whenever it wants," which has caused controversy in “WeChat” and other applications. The Chinese government has already censored WeChat conversations for Chinese and international users alike. Major censorship targets are politically sensitive words, with the WeChat app forwarding the user's location when they sent out any politically charged messages. As a result, countries around the world grew nervous and the threat of China's backdoor access became cause for more serious concern.
Cho Seong-je, professor of Software Science at Dankook University said that there have always been backdoor issues. “For example, in 2002, ‘Backdoor.Win32.Schoolbus’ spread through unrecognized files enabling hackers to easily access the private information of users.” He also mentioned ‘Titanium’, which is currently being spread throughout South and Southeast Asia by an advanced persistent threat (APT). An APT is a covert actor that secures undetected access to computer networks.
When asked about the technical prevention of backdoor files, he said, “We know backdoor software can be prevented by anti-virus programs. However, it is nearly impossible to prevent a supply chain attack, which is an embedded in backdoor programs from a microchip implanted during a hardware making process.” He added, “It is similar to shield and sword. Whenever a new defense method comes out, another new attack method follows.” He compared preventing backdoor to the arms race saying, “That’s why it is has been nearly impossible to completely prevent malicious backdoor problems up to now.” What’s worse is that if the defender turns a blind eye to the attack, the problem will only worsen. “So, reliable groups including countries and companies need to work together to prevent backdoors from settling in.” So how can non-experts prevent backdoor attacks? He explained, “There are limited ways to prevent these kinds of attacks but mostly it depends on user behavior. Do not download unrecognized files and programs, and use an anti-virus program.” However, hidden hardware and software backdoors are hard to prevent unless you are an expert in the field. He said, “Realistically, it is difficult to not use Chinese made electronics. For example, LG’s decision to adopt Huwaie’s equipment for its 5G network will result in cost and performance problems.” He also emphasized the continued importance of finding new methods to detect backdoor access in software and hardware.
The TikTok controversy is a small part of the backdoor problem and should not be limited to complaints against China. Backdoor access is evolving around the world and its impact carries serious implications for everyone. Even if it cannot be prevented completely, people can do their part to prevent its spread as much as possible.
임재도, 최윤서, 서영진 email@example.com