Chinese Supplier Hid Malware in 215 CCTV Units
Rep. Ha Tae-kyung Calls for Urgent Full Inspection of Military Surveillance Equipment
Malicious code designed to transmit military secrets to servers in China was discovered in military surveillance equipment.
Malicious code designed to transmit military secrets to Chinese servers was discovered in military surveillance equipment, prompting authorities to take urgent measures belatedly.
According to the "Sea and Coastal Defense System Vulnerability Inspection Results" submitted by the Ministry of National Defense to Rep. Ha Tae-kyung of the People Power Party on the 26th, the Defense Security Command (Anbosa) confirmed that a Chinese company embedded malicious code that secretly leaks military secrets before delivering the equipment to the military. The relevant authorities stated, "Malicious code was found in all 215 units of the surveillance equipment to be delivered, and emergency measures are underway."
This malicious code was also linked via a backdoor to sites distributing multiple other malicious codes. A backdoor refers to a pathway that allows unauthorized access to a system by specific individuals without any security authentication.
Additionally, serious security vulnerabilities were reported, including ▲ the ability to arbitrarily change the storage path to save video information on other devices such as PCs, and ▲ the internet network (ftp, telnet, etc.) being open to allow remote access, making it easy for outsiders to infiltrate the system. All of these are violations of the "National Information Security Basic Guidelines" that could result in the wholesale transfer of military secrets.
Anbosa stated, "If only an internet environment is established, there is a security threat that military secrets can sufficiently leak outside even from internal networks, similar to the 2016 Defense Network hacking incident."
Rep. Ha said, "This is the first time malicious code has been found in military surveillance equipment," and added, "An urgent full inspection of all military surveillance equipment currently in operation is necessary to determine whether military secrets are being entirely leaked."
Rep. Ha also noted, "Although the servers are Chinese, it has not been confirmed whether the Chinese government was directly involved," and cautioned, "We should be careful not to overinterpret the situation."
The Ministry of National Defense explained, "Since all networks are configured as internal networks only, the risk of military information leakage is minimal."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
