South Korea is grappling with mounting cybersecurity concerns as Chinese technology products and services pose increasing risks of unauthorized data collection and transfer. Recent findings revealed that AI chatbot DeepSeek had been secretly sending user data to ByteDance, TikTok's parent company, highlighting broader security vulnerabilities in Chinese tech.
Security experts have identified four main types of threats in Chinese IT products, ranging from popular shopping apps like AliExpress and Temu to smart home devices like IP cameras and robot vacuums.
A primary concern involves hidden backdoors embedded during manufacturing that enable unauthorized access to devices. "The most common method is embedding backdoors during manufacturing. We've seen cases where CCTV cameras in public institutions transmitted footage directly to China," said Jeon Deok-jo, CEO of network detection and response firm CQVista.
These security gaps extend beyond consumer devices to critical infrastructure. Surveillance cameras at military facilities and municipal CCTV systems have shown similar vulnerabilities. Standard security solutions often fail to detect these sophisticated backdoors, requiring constant network traffic monitoring.
Chinese hacker groups have also been found distributing compromised hardware. "Some groups sell USB drives preloaded with malware. We discovered cases where cheap USBs from sites like AliExpress executed malware immediately upon connection," revealed Lee Ho-seok, team leader at SK Shieldus' EQST Lab.
The risks extend to mobile apps and websites. While app permissions have improved, users may unknowingly grant access to personal data. Fake websites masquerading as legitimate services have been caught spreading ransomware.
Professor Youm Heung-youl from Soonchunhyang University emphasizes the lack of transparency: "Users have no way of knowing what information is being collected or where it's being sent. Chinese services may bypass requirements for explicit consent when transferring personal data overseas."
These vulnerabilities pose threats beyond individual privacy. Compromised devices can serve as entry points for larger-scale attacks on corporate and public networks, potentially leading to widespread data breaches with national security implications.
As South Korea continues to integrate Chinese technology into various sectors, the challenge of protecting sensitive data while maintaining technological advancement remains a pressing concern for security experts and policymakers.