An analysis conducted recently by cybersecurity firm Forescout shows that the number of Chinese-manufactured devices present in US networks has been increasing over the past year, despite efforts to prevent the use of such products due to security concerns.
Over the past years, the United States government has taken action to reduce the potential risks posed by the use of products made in China, banning the sale of communications equipment and allocating significant amounts of money to help organizations replace Chinese gear in their networks.
A recent executive order focusing on the cybersecurity of US ports highlighted the risks associated with the use of Chinese cranes, with other initiatives targeting energy-storage batteries, and cars made in China.
Despite these efforts, Forescout’s analysis found that the number of China-made devices in US networks has increased by more than 40% in the past year, from 185,000 in February 2023 to nearly 300,000 in February 2024. The 300,000 devices came from 473 different manufacturers.
This represents close to 4% of the total number of 7.5 million US-located devices currently in Forescout’s repository of connected enterprise devices, which includes data on 19 million IT, IoT, OT and IoMT (medical) products from its customers’ networks.
Roughly 88% of the Chinese-manufactured devices located in the United States are IT products, followed by IoT (9%), OT (2%) and IoMT (1%). A vast majority of devices are computers, followed at a distance by mobile devices, and surveillance products. The most widely encountered manufacturer is Lenovo, followed by Hikvision.
Forescout warned that critical infrastructure sectors such as healthcare, manufacturing and government are the most impacted. In the case of the government, the most commonly found Chinese devices are surveillance cameras made by Honeywell Security China and VoIP phones from Yealink.
A Shodan search showed hundreds of thousands of devices from the most popular Chinese manufacturers are directly connected to the internet, which could expose them to remote attacks.
As for other countries, Forescout saw an increase from 10,000 China-made devices to 20,000 in the UK over the past year. An increase of 37% was seen in Australia and an increase of 67% was observed in Singapore. A drop of 14% has been seen in Canada, and a drop of 25% was seen in Germany over the past year.
The main concern associated with the use of Chinese products is that the Chinese government could leverage them for espionage or to cause disruption, possibly through the use of intentionally planted backdoors.
“Organizations must pay attention to every asset on their network, be it IT, IoT, IoMT or OT, because they all can present cyber risks. Devices that carry additional risk due to where they were manufactured must be inspected even more closely,” Forescout cautioned.
Related: Canada Bans WeChat and Kaspersky on Government Phones
Related: Australian Defense Department to Remove Chinese-Made Cameras
Related: CISA Warns of Hikvision Camera Flaw as US Aims to Rid Chinese Gear From Networks