U.S. Warns Of Spy Dangers Of Chinese-Made Drones(npr.org)
npr.org
U.S. Warns Of Spy Dangers Of Chinese-Made Drones
https://www.npr.org/2019/05/29/727612692/we-re-not-being-paranoid-u-s-warns-of-spy-dangers-of-chinese-made-drones
162 comments
They don't say what the threat is because it is the same threat that we are facing from US companies... I'm pretty sure that you can guess it.
It's about what could also. Every Chinese company with > 50 employees has a representative of the Communist party on the board.
It's defined by law and law works very differently in China.
It's defined by law and law works very differently in China.
There have been instances whereby a robotic hoover (Xaomi(sp?) one?) have been sending their generated floor maps back to servers in CN, so I don't think it's unreasonable to assume drones could be doing the same thing.
Teslas send loads of stuff back to Tesla servers which I'd assume are in the U.S. It's not an unusual thing to do in this cloud-happy day and age.
It's not a debate over whether the US hoovers up information. Most of this US vs China debate centers on one thing: which side do you want to give your information to. That is what is being argued over; that dispute is going to get worse for a while yet as China pushes outward globally in its tech ambitions.
The better alternative: I don't want anyone to have my information - unfortunately is largely not going to be an option. The choice will mostly be between the US and China (or in some cases, European tech providers, which will frequently work with the US). If it's not already that way, it certainly is going to be in the next 10 or 20 years.
The better alternative: I don't want anyone to have my information - unfortunately is largely not going to be an option. The choice will mostly be between the US and China (or in some cases, European tech providers, which will frequently work with the US). If it's not already that way, it certainly is going to be in the next 10 or 20 years.
The issue is that everyone's burned out by ridiculously long overly-broad EULAs written in impenetrable legalese. The general sentiment even, here on HN where people should know better, is "sure, they SAY they can do those things but (it's just boilerplate | they wouldn't really ever do that stuff | they really just meant this much more benign thing | they need that access to provide the product | it helps them debug problems)". And then people act all shocked when, once again, a company does precisely what it told you it was going to do.
A classic example is the "we collect your data to provide X service" / "you can disable service X" that we see all over the place. Everyone reads it as "you can disable data collection" but that's not what it says, and it's not what really happens.
The better alternative is to not accept this kind of invasiveness but the ease and convenience of giving in is too seductive for most people, so we invent a comfort belief that it's somehow benign or at worst irrelevant.
A classic example is the "we collect your data to provide X service" / "you can disable service X" that we see all over the place. Everyone reads it as "you can disable data collection" but that's not what it says, and it's not what really happens.
The better alternative is to not accept this kind of invasiveness but the ease and convenience of giving in is too seductive for most people, so we invent a comfort belief that it's somehow benign or at worst irrelevant.
Sure, I can imagine that's fine for car telemetry and you enter into that knowing. It's common technology, even pool cars will have a black logging box. Do I expect a device in my home to be mapping out the floorspace and sending that back to unknown parties (whatever the location) without consent? Then no, that's different.
They're covered in cameras too. Imagine finding out your car has been uploading photos of the security detail inside your embassy. Pooh-poohing it away as "car telemetry" is like calling Cambridge Analytica's shenanigans "gathering metrics".
Tracking every move outside of your house is A-OK but knowing your floorplan is unimaginable?
Why?
Why?
We're talking national security. I hope nobody is running a Xiaomi robot vacuum at a sensitive or classified site, or any other brand of robot vacuum for that matter...
There's a difference between individual invasions of privacy and national security. There's definitely Chinese apps that invade your privacy. There's also Western apps that do too. The question is of national security however.
There's a difference between individual invasions of privacy and national security. There's definitely Chinese apps that invade your privacy. There's also Western apps that do too. The question is of national security however.
> I hope nobody is running a Xiaomi robot vacuum at a sensitive or classified site, or any other brand of robot vacuum for that matter...
Remember when Strava's heatmap of running tracks leaked information about military bases? https://twitter.com/Nrg8000/status/957318498102865920
Remember when Strava's heatmap of running tracks leaked information about military bases? https://twitter.com/Nrg8000/status/957318498102865920
Observing private homes can help select your targets. By observing the inside of the home you may learn if the owner has access to secrets (national security or commercial), what kind and what level. From where you can switch to traditional methods. My 2c.
It gives you the layout of homes, it doesn't allow you to observe their occupants. It is a spinning laser.
Add voice control ("Hey Robot, run a sweep") and WiFi and you have a very capable spy system. Not to mention cameras and GPS which could all be justified in terms of improving the performance of robot vacuums.
There is a difference, and individual privacy is more important.
"National security" is a vague term that is always abused to make money, take away liberties or kill people.
"National security" is a vague term that is always abused to make money, take away liberties or kill people.
That was Roomba, owned by the American company iRobot.
https://www.nytimes.com/2017/07/25/technology/roomba-irobot-...
https://www.nytimes.com/2017/07/25/technology/roomba-irobot-...
I saw this via BBC Click, this weekend. There was a room full of IoT devices and they were showing how chatty they all were via wireshark. They specifically said floormaps had been found being sent back to servers in CN.
I saw a lot of concern about sending data to servers in a specific location such as CN. However, there is no such thing as Custom for Data. So, I think sending data to either CN or any other place is not much different.
Data is subject to export restrictions and customs same as anything else. Some countries even mandate where and how data must be stored.
Sources?
It was on this week's BBC Click program, there was a full room of IoT devices with wireshark showing their packet traces.
Let's assume that they're encrypting the payload before sending it back home and we've broken their encryption techniques.
You don't think it would do a lot of harm to publish detailed analyses letting them know we've broken their encryption?
You don't think it would do a lot of harm to publish detailed analyses letting them know we've broken their encryption?
You could publish a white paper demonstrating that "unknown" data is being sent and look at the code/device that is sending it (since they're in the US). There's no need to even break encryption if you have the sending device.
luckylion(1)
Well, the specific concern is that all new tech ships with OTA update capability. Infrastructure should probably never have this in the first place for a variety of reasons, but it does and it will because the of huge cost savings it can enable. When the Chinese government can tightly control the companies under it, and those companies control the OTA update, then nothing produced by those companies can ever be considered safe so longer as China is considered adversarial. The same could absolutely be said about US made products being used in countries that the USA is adversarial against, and that's likely how the USA government started thinking about it.
"Hey, what's a great way to deal with China if we go to war? Whataminute, they could do that to US!"
Just look at the havoc that has happened unintentionally due to bad updates being pushed out on a large scale and extrapolate to what could happen with a malicious actor at full control.
"Hey, what's a great way to deal with China if we go to war? Whataminute, they could do that to US!"
Just look at the havoc that has happened unintentionally due to bad updates being pushed out on a large scale and extrapolate to what could happen with a malicious actor at full control.
I don't see how the trade war fixes the possible security issue caused by a potential OTA update in a potential conflict, a solution would be to make illegal OTA updates for critical hardware and software without getting the update reviewed. So military or other important things would buy only products that are reviewed and with updates that are signed by the government.
Or even simpler have this hardware and software setup to only get OTA updates and commands only from central command.
This feels so hypocritical considering that many PC around the world run CPUs that have Intel ME or equivalent and there is no media coverage of known backdoors in CPUs(I know technically it is a fully featured remote management feature that had some bugs in the past but Intel assures us that there are no more critical bugs and for sure no intentional bugs and this enterprise feature is also included in all CPUs not only in enterprise ones)
Or even simpler have this hardware and software setup to only get OTA updates and commands only from central command.
This feels so hypocritical considering that many PC around the world run CPUs that have Intel ME or equivalent and there is no media coverage of known backdoors in CPUs(I know technically it is a fully featured remote management feature that had some bugs in the past but Intel assures us that there are no more critical bugs and for sure no intentional bugs and this enterprise feature is also included in all CPUs not only in enterprise ones)
The trade war -- if done right -- would supposedly force China to make some real concessions if they want the trade war to end. For instance, they almost agreed to end the forced tech transfers from US to Chinese companies, but then they changed their minds, which seems to be what actually prompted the recent tariff raise to 25%.
I understand not "making the economic situation worse", but sometimes things have to get worse before they get better. Obama had "good relationship with China" and China trampled all over American companies because of it, pretty much making up whatever demands they wanted if those companies wanted to do business there. Plus, even before the trade war, car imports had 25% tariffs in China, and I think 0-5% in the U.S. for the reverse.
It reminds me of when Google was "open" with the Gmail and GChat APIs, and then Facebook abused it to get all of Gmail's contacts through the mass-invite feature, while Google couldn't do the same with Facebook contacts.
Similarly, Microsoft was working on adding GChat support to Skype - but the reverse (Skype in GChat) wasn't possible. This example illustrates pretty well why you can't always be "open to everyone, no matter what", when some can become hyper-aggressive in exploiting what you have to offer when being so open, but not paying it back in any form.
I believe I also read a recent comment about RISC-V developers giving the Chinese the could shoulder in collaborations, because Chinese developers tend to "take take take" and not contribute anything back, ever.
I even see it all the time with people praising Samsung, etc for "innovating more than Google", forgetting the fact that 95% of the OS is Google's work.
I understand not "making the economic situation worse", but sometimes things have to get worse before they get better. Obama had "good relationship with China" and China trampled all over American companies because of it, pretty much making up whatever demands they wanted if those companies wanted to do business there. Plus, even before the trade war, car imports had 25% tariffs in China, and I think 0-5% in the U.S. for the reverse.
It reminds me of when Google was "open" with the Gmail and GChat APIs, and then Facebook abused it to get all of Gmail's contacts through the mass-invite feature, while Google couldn't do the same with Facebook contacts.
Similarly, Microsoft was working on adding GChat support to Skype - but the reverse (Skype in GChat) wasn't possible. This example illustrates pretty well why you can't always be "open to everyone, no matter what", when some can become hyper-aggressive in exploiting what you have to offer when being so open, but not paying it back in any form.
I believe I also read a recent comment about RISC-V developers giving the Chinese the could shoulder in collaborations, because Chinese developers tend to "take take take" and not contribute anything back, ever.
I even see it all the time with people praising Samsung, etc for "innovating more than Google", forgetting the fact that 95% of the OS is Google's work.
Nonsense!
If a deal hasn't been made, each side could change their mind, right? If we want to make a deal and I take great advantages on you, is it right for me to accuse you if you regrete before the deal is made?
"because Chinese developers tend to "take take take" and not contribute anything back, ever." It's not ture. For example, Siggraph is the best conference in the computer graphics field. In 2018, the number of papers that contain Chinese or ethnic Chinese is 45%.
Besides, many Chines and ethnic Chinese reasearchers are active in many frontier technology filed such as AI and Computer Vision field.
The acadimic and industry status and constribution of Chines reashers/company are increasing rapidlly.
"because Chinese developers tend to "take take take" and not contribute anything back, ever." It's not ture. For example, Siggraph is the best conference in the computer graphics field. In 2018, the number of papers that contain Chinese or ethnic Chinese is 45%.
Besides, many Chines and ethnic Chinese reasearchers are active in many frontier technology filed such as AI and Computer Vision field.
The acadimic and industry status and constribution of Chines reashers/company are increasing rapidlly.
> the number of papers that contain Chinese or ethnic Chinese is
Nobody cares about any "ethnic Chinese" fraction. We're discussing a trade war between US and PRC, not some racial struggle between Chinese and Caucasians or whatever.
Nobody cares about any "ethnic Chinese" fraction. We're discussing a trade war between US and PRC, not some racial struggle between Chinese and Caucasians or whatever.
my Chinese friends feel all very similarly. While I don't agree with them, it's not productive to be insensitive to their concerns. That's not how you solve conflict.
Your economic facts(though some of them don't sound real) are of topic in the security discussion. If a real war starts between A and B the fact that A and B respected all the trade agreements is irrelevant. Ex: US spies on their allies, so you can respect all trades, be allies and still have espionage. The solution would be to have security features, like open source the code, firewall critical components etc.
The trade war won't fix issues with OTA as a vulnerability. It is useful for the US to point it out to tip things in their favor so it gets a lot of coverage.
I also agree with you that the solution to OTA updates is tight control, but that isn't realistic either. They are talking about drones in the article. These are devices bought and run by companies that build infrastructure in the US but are not directly related to the government. They want OTA because it has legitimate benefits in worker time and cost savings and helps keep their "fleet" running with all the latest features.
Now, an example attack might be an OTA update for the drone controller to shunt mapping data back to home base in China to give them high quality military maps of infrastructure for attack planning. The attack might be unrealistic, but the spying threat isn't. Alternatively, if car autopilot takes off, imagine the economic damage an OTA attack could do that causes 30% of the traffic in the US to just stop. To prevent this sort of attack, you would have to review ALL code coming out of China since you can't directly hold them responsible after the fact when they are out of your sovereign jurisdiction. The kind of dedicated and educated workforce required to code check all firmware/software updates for such huge classes of consumer products is just not going to happen and it can only get worse.
Intel ME is an abomination, but it's also well known and gets a lot of coverage. It's just not in the mainstream news right this minute.
I also agree with you that the solution to OTA updates is tight control, but that isn't realistic either. They are talking about drones in the article. These are devices bought and run by companies that build infrastructure in the US but are not directly related to the government. They want OTA because it has legitimate benefits in worker time and cost savings and helps keep their "fleet" running with all the latest features.
Now, an example attack might be an OTA update for the drone controller to shunt mapping data back to home base in China to give them high quality military maps of infrastructure for attack planning. The attack might be unrealistic, but the spying threat isn't. Alternatively, if car autopilot takes off, imagine the economic damage an OTA attack could do that causes 30% of the traffic in the US to just stop. To prevent this sort of attack, you would have to review ALL code coming out of China since you can't directly hold them responsible after the fact when they are out of your sovereign jurisdiction. The kind of dedicated and educated workforce required to code check all firmware/software updates for such huge classes of consumer products is just not going to happen and it can only get worse.
Intel ME is an abomination, but it's also well known and gets a lot of coverage. It's just not in the mainstream news right this minute.
>Intel ME is an abomination, but it's also well known and gets a lot of coverage. It's just not in the mainstream news right this minute.
It was probably only a topic on technical forums.
Technical question, can't you build a drone that does not need OTA updates from manufacturer ? You have it connect only to your trusted IPs.
Also sending the high definition photos to China won't appear on anybody network traffic? You just need 1 person to detect it and you have the some kind of proof(though when a similar thing happened with Amazon Alexa it was blamed as a bug and not espionage).
It was probably only a topic on technical forums.
Technical question, can't you build a drone that does not need OTA updates from manufacturer ? You have it connect only to your trusted IPs.
Also sending the high definition photos to China won't appear on anybody network traffic? You just need 1 person to detect it and you have the some kind of proof(though when a similar thing happened with Amazon Alexa it was blamed as a bug and not espionage).
>Technical Question
Of course you can, but even then you're still trusting the firmware that is being put out by the potentially hostile company even if you gate keep it. To check it would require a software team at least as large as the potentially hostile one for any serious attack. That's a big economic incentive to trust the manufacturer.
>sending the high definition photos
Or you could just send metadata, telemetry, and flight diagnostics that can be used to build up sensitive information under the guise of metrics. Remember that the NSA was mostly just using metadata too.
>it was blamed as a bug and not espionage
In these cases, the two look exactly the same in software, so proving one or the other is very difficult.
Of course you can, but even then you're still trusting the firmware that is being put out by the potentially hostile company even if you gate keep it. To check it would require a software team at least as large as the potentially hostile one for any serious attack. That's a big economic incentive to trust the manufacturer.
>sending the high definition photos
Or you could just send metadata, telemetry, and flight diagnostics that can be used to build up sensitive information under the guise of metrics. Remember that the NSA was mostly just using metadata too.
>it was blamed as a bug and not espionage
In these cases, the two look exactly the same in software, so proving one or the other is very difficult.
So from your points all Chinese products should be made illegal until China will not be a threat to US, this means until China collapses or kisses US butt.
> You have it connect only to your trusted IPs.
Wi-Fi makes that pretty damn hard to verify. In theory, malicious firmware could even opportunistically link up with other malicious firmware acting as a bridge via some undocumented protocol that would only be detectable by looking at the raw spectrum.
Wi-Fi makes that pretty damn hard to verify. In theory, malicious firmware could even opportunistically link up with other malicious firmware acting as a bridge via some undocumented protocol that would only be detectable by looking at the raw spectrum.
yeah, but we should think and implement security measures in all systems indifferent of politics and economics. Imagine some terrorists hacks Tesla server and sends a command for all cars to crash. We would need all important systems to be designed in the assumption that something bad will eventually happened(hackers, company goes out of business, stupidly(see Firefox addons issue) ) etc
>> The same could absolutely be said about US made products being used in countries that the USA is adversarial against
Such as, itself.
Such as, itself.
Well of course. Every country has at some point been hostile to it's own citizens or some segment of it's population. It's something that the citizenry need to push back on and keep the government in check. But by and large, the US is no where near as adversarial to it's citizens, companies, or infrastructure as China.
That claim would need some substantiation. Not sure how you even measure that.
Certainly, if you and I started spending repeated 30 minute looking for examples of adversarial actions taken by the US and China against their people, neither of us would run out of examples before tomorrow.
So what are you claiming exactly?
Certainly, if you and I started spending repeated 30 minute looking for examples of adversarial actions taken by the US and China against their people, neither of us would run out of examples before tomorrow.
So what are you claiming exactly?
I was responding to TallShortGuy's snarky assertion that the US conducts espionage on itself. Of course it does, everyone knows it does, and almost every other country does the same.
The fact that the US spies on itself does not mean that there is not a greater threat of espionage from China or that the US should ignore the possibility.
I was also asserting that I personally do not believe that a government should conduct espionage on it's own people and that society needs to push back against such actions. Even in cases where another country is highly adversarial to you, the milder home country might be much worse because of their proximity and involvement in your day to day life.
I was also asserting that I personally do not believe that a government should conduct espionage on it's own people and that society needs to push back against such actions. Even in cases where another country is highly adversarial to you, the milder home country might be much worse because of their proximity and involvement in your day to day life.
I don't understand for example why 5g infrastructure can't work like WSUS. All your devices point at your own update servers, and on the update servers you can approve and decline the distribution of certain upstream updates.
> Just publish technical information. It isn't hard. It would do huge damage to the Chinese and reinforce the US's whole argument.
I doubt that it would damage China. The existence of the threat is already well publicized.
I think that U.S. intelligence does not talk about specific threats because the attack vectors would probably misunderstood and underestimated by the general public. There would inevitably be pushback like "Gee, we have to give up our drones just because of X?!"
The consequences from these types of events aren't felt immediately, and many people perceive that as being equivalent to no consequences at all.
I doubt that it would damage China. The existence of the threat is already well publicized.
I think that U.S. intelligence does not talk about specific threats because the attack vectors would probably misunderstood and underestimated by the general public. There would inevitably be pushback like "Gee, we have to give up our drones just because of X?!"
The consequences from these types of events aren't felt immediately, and many people perceive that as being equivalent to no consequences at all.
This has nothing to do with convincing the general public. The US is struggling to convince their own allies that the threat is real, and definitely haven't convinced the technical community they need to stop buying e.g. Huawei hardware.
> The existence of the threat is already well publicized.
Parroting the same vague "there's a threat, but the threat is secret so we cannot tell you about it" isn't well publishing anything. It is bordering on fear mongering. A well publicized threat would be a series of white papers describing in technical terms the weaknesses/backdoors/etc in Chinese manufactured hardware.
> The existence of the threat is already well publicized.
Parroting the same vague "there's a threat, but the threat is secret so we cannot tell you about it" isn't well publishing anything. It is bordering on fear mongering. A well publicized threat would be a series of white papers describing in technical terms the weaknesses/backdoors/etc in Chinese manufactured hardware.
You don't need a whitepaper to say "Any device with over-the-air updates (or server-side processing) controlled by a Chinese company can receive anytime new software (thus a payload) controlled by the Chinese intelligence services".
This is what's implied.
This is what's implied.
It feels more likely to imply that "we have no hard evidence". So the argument still boils down to "because China", not "because spying". Which isn't a strong argument if you like to (at least try to) draw your own conclusion and not be fed one.
Are you worried that your iPhone or Tesla will be hijacked the same way? You already know this happened before with the knowledge of the companies involved (secret subpoenas or national security letters) or without it (beacon implants).
Are you worried that your iPhone or Tesla will be hijacked the same way? You already know this happened before with the knowledge of the companies involved (secret subpoenas or national security letters) or without it (beacon implants).
> It feels more likely to imply that "we have no hard evidence".
There is hard evidence of the vulnerability, which logically follows from any OTA update capability, but there may be no hard evidence of exploitation yet.
Think of it this way: if your software has a RCE, you fix or mitigate it regardless if it's actively being exploited or not.
> Are you worried that your iPhone or Tesla will be hijacked the same way?
That's a very valid concern for some people.
Ultimately, software security boils down to "who do you trust?". Say what you will about the US, but your goals and values are very likely less incompatible with those of the US than with those of authoritarian China [1] [2].
[1] https://www.nytimes.com/2013/08/20/world/asia/chinas-new-lea...
[2] https://en.wikipedia.org/wiki/Document_Number_Nine
There is hard evidence of the vulnerability, which logically follows from any OTA update capability, but there may be no hard evidence of exploitation yet.
Think of it this way: if your software has a RCE, you fix or mitigate it regardless if it's actively being exploited or not.
> Are you worried that your iPhone or Tesla will be hijacked the same way?
That's a very valid concern for some people.
Ultimately, software security boils down to "who do you trust?". Say what you will about the US, but your goals and values are very likely less incompatible with those of the US than with those of authoritarian China [1] [2].
[1] https://www.nytimes.com/2013/08/20/world/asia/chinas-new-lea...
[2] https://en.wikipedia.org/wiki/Document_Number_Nine
The lesser evil. The enemy of my enemy is my friend. History is full of examples where people followed short term aligned interests straight into long term suffering.
Do you think it's more about your values or somebody's ego and interests?
Do you think it's more about your values or somebody's ego and interests?
Lets be real here "because China" is a decent enough argument in the US at the moment. Just swallow the propaganda.
This is a great argument against all OTA devices.
But if the US actually took that threat seriously, half of the Valley would be out of a job tomorrow.
But if the US actually took that threat seriously, half of the Valley would be out of a job tomorrow.
> This is a great argument against all OTA devices
Indeed. And for life safety uses it's appropriate. In safety-conscious settings such as those involving line voltages requiring NRTL (UL for ex) listing OTA updates are forbidden: One must have physical access to the device to perform a permitted [0] code update.
[0] And the code updates themselves are subject to IEC 60730/UL 1998 or it's back to the NRTL for more testing
Indeed. And for life safety uses it's appropriate. In safety-conscious settings such as those involving line voltages requiring NRTL (UL for ex) listing OTA updates are forbidden: One must have physical access to the device to perform a permitted [0] code update.
[0] And the code updates themselves are subject to IEC 60730/UL 1998 or it's back to the NRTL for more testing
It's a great argument for devices made in the US. We can't trust Chinese tech yet we don't make our own.
> The US is struggling to convince their own allies that the threat is real
The US has to convince their allies that buying from China is more dangerous than buying from the US. I don't think anybody doubts there isn't a threat.
The US has to convince their allies that buying from China is more dangerous than buying from the US. I don't think anybody doubts there isn't a threat.
> I think that U.S. intelligence does not talk about specific threats because the attack vectors would probably misunderstood and underestimated by the general public.
I doubt intelligence agencies care about convincing public one way or another. I suspect they are worried about revealing details of their methods and thus have a blanket "say nothing" default mindset.
I doubt intelligence agencies care about convincing public one way or another. I suspect they are worried about revealing details of their methods and thus have a blanket "say nothing" default mindset.
> "I doubt intelligence agencies care about convincing public one way or another"
Why say anything at all then? Saying nothing is one thing, but they are saying something. Why the half-hearted messaging? I honestly don't get it.
Why say anything at all then? Saying nothing is one thing, but they are saying something. Why the half-hearted messaging? I honestly don't get it.
> I doubt that it would damage China. The existence of the threat is already well publicized.
It'd certainly damage Chinese companies and curtail those companies' utility as sources of intelligence. How many drones do you think DJI would sell if it became known that flight logs and aerial photos were being uploaded to the Chinese government? (This is all purely hypothetical but the DJI app is very aggressive about permissions and updates, so they absolutely could if they wanted to. I have a dedicated phone for mine which never gets to connect to the internet, for this very reason.)
It'd certainly damage Chinese companies and curtail those companies' utility as sources of intelligence. How many drones do you think DJI would sell if it became known that flight logs and aerial photos were being uploaded to the Chinese government? (This is all purely hypothetical but the DJI app is very aggressive about permissions and updates, so they absolutely could if they wanted to. I have a dedicated phone for mine which never gets to connect to the internet, for this very reason.)
> How many drones do you think DJI would sell if it became known that flight logs and aerial photos were being uploaded to the Chinese government
Roughly about as many as today. A recreational or content production drone is sitting dead without a battery >>95% of the time. This is a much weaker threat model (both objectively and in the perception of consumers) than all those connected, always-on microphones and cameras installed in homes, offices and pockets.
I mention this as a precedent: to many people out there, "the Chinese government" isn't a lot more foreign than "some American tech empire" and data-derived unpleasantries are far more likely to have practical implications for them with US immigration than with the Chinese communist party (because the US is still more open). And yet those people still buy westcoast-designed (and connected) devices like hotcakes.
Roughly about as many as today. A recreational or content production drone is sitting dead without a battery >>95% of the time. This is a much weaker threat model (both objectively and in the perception of consumers) than all those connected, always-on microphones and cameras installed in homes, offices and pockets.
I mention this as a precedent: to many people out there, "the Chinese government" isn't a lot more foreign than "some American tech empire" and data-derived unpleasantries are far more likely to have practical implications for them with US immigration than with the Chinese communist party (because the US is still more open). And yet those people still buy westcoast-designed (and connected) devices like hotcakes.
Nobody wants to give up cheap Chinese goods and buy expensive American goods (which are all made in China just the same hilariously) simply because America asks so nicely. Yeah I just ordered a Xiaomi mi9 and I feel fine.
If there was indeed a threat to national security I trust my own government to make decisions not the US.
If there was indeed a threat to national security I trust my own government to make decisions not the US.
>These vague "The Chinese are up to something but we cannot reveal what" isn't really helpful, particularly given the current trade tensions (and political motivations e.g. "bring jobs home").
Isn't that the purpose? To fuel the trade tensions for the home team.
Don't expect truth in trade wars...
Isn't that the purpose? To fuel the trade tensions for the home team.
Don't expect truth in trade wars...
I think the purpose is to drum up FUD for the MIC. If China were really this Big, Bad Threat, we'd cease all trade with them. Nations don't trade with their enemies.
Microsoft did such a write up about a laptop.
Is it that they're pointing to vulnerabilities, not exploits?
1. This class of device has known vulnerabilities
2. These devices are still sufficiently novel that they make economical new and different types of attacks
3. Organizations should consider how these vulnerabilities could potentially compromise your current security plans.
1. This class of device has known vulnerabilities
2. These devices are still sufficiently novel that they make economical new and different types of attacks
3. Organizations should consider how these vulnerabilities could potentially compromise your current security plans.
This reminds me of "believe us they have bio-weapons and need to attack Iraq" trope followed in the recent past. This is just building up media narrative and trying to brainwash people, similar to what happened in the past.
I agree 100%. At this point I am strongly isolationist. If terrorists from another country really start hijacking our planes, let's come up with a solution other than war.
War only serves further destabilizes the country, and it definitely shouldn't be on the table unless someone is actually sending troops on our soil.
Last resort would be banning incoming visitors from that country. Not ideal, but a MUCH better solution than war in my opinion.
War only serves further destabilizes the country, and it definitely shouldn't be on the table unless someone is actually sending troops on our soil.
Last resort would be banning incoming visitors from that country. Not ideal, but a MUCH better solution than war in my opinion.
Because the techniques the Chinese are using in their phones and other tech were most likely pioneered by the NSA and remain classified.
Pretty sure Chinese people would be perfectly capable of developing their own tech if they wanted to
I wonder if public discourse and pop culture in the US will switch from paranoia as a bad or laughable thing (tinfoil hats! area 51!) to paranoia as a civic duty (to some degree, as in WWII and the Cold War).
Though it's more jingoistic, I find the latter less infantilizing, when it's coupled with a guarded paranoia about the US too.
Though it's more jingoistic, I find the latter less infantilizing, when it's coupled with a guarded paranoia about the US too.
McCarthyism 2.0?
These vague "The Chinese are up to something but we cannot reveal what" isn't really helpful, particularly given the current trade tensions
This is exacerbated by the very poor levels of security in these devices in general: DEF CON 23 - Robinson and Mitchell - Knocking my neighbors kids cruddy drone offline
https://www.youtube.com/watch?v=5CzURm7OpAA
However, to put things into perspective, purpose built security cameras -- even expensive ones from well reputed industry brands -- have had similar very poor levels of very poor security for many years.
https://www.youtube.com/watch?v=B8DjTcANBx0
It's not really a problem of drones. It's a problem with the poor levels of security in consumer devices in general. It's "as if" the situation has been engineered to let bad actors do lots of spying.
This is exacerbated by the very poor levels of security in these devices in general: DEF CON 23 - Robinson and Mitchell - Knocking my neighbors kids cruddy drone offline
https://www.youtube.com/watch?v=5CzURm7OpAA
However, to put things into perspective, purpose built security cameras -- even expensive ones from well reputed industry brands -- have had similar very poor levels of very poor security for many years.
https://www.youtube.com/watch?v=B8DjTcANBx0
It's not really a problem of drones. It's a problem with the poor levels of security in consumer devices in general. It's "as if" the situation has been engineered to let bad actors do lots of spying.
They deserve some credit.
The following is a contrived analogy, admittedly not a great one, to illustrate why I suspect they can't give specifics.
Imagine if you have a gigantic elephant standing near a village. It's so big that you can only see one of the following, depending on where you stand: a trunk that can suck people up, legs that can smash, a tail that can create a wind that tosses people about. Three people are standing in different places to see each of these: Alice (trunk), Bob (legs), and Charlie (tail - poor Charlie). Someone comes running into the village and leaves an anonymous note saying a huge being is a threat and it is going to smash houses.
Except the villagers, if they can figure out who was standing where and what they could see, can tell who left the anonymous note. It was Bob, who could see the legs.
Giving the specifics they know about a threat reveals what they know, and what they don't know, and reveals how they might have gotten the information.
The following is a contrived analogy, admittedly not a great one, to illustrate why I suspect they can't give specifics.
Imagine if you have a gigantic elephant standing near a village. It's so big that you can only see one of the following, depending on where you stand: a trunk that can suck people up, legs that can smash, a tail that can create a wind that tosses people about. Three people are standing in different places to see each of these: Alice (trunk), Bob (legs), and Charlie (tail - poor Charlie). Someone comes running into the village and leaves an anonymous note saying a huge being is a threat and it is going to smash houses.
Except the villagers, if they can figure out who was standing where and what they could see, can tell who left the anonymous note. It was Bob, who could see the legs.
Giving the specifics they know about a threat reveals what they know, and what they don't know, and reveals how they might have gotten the information.
You analogy is a perfect demonstration of the US government's tendency to make vague, ominous predictions to stoke fear in its populace so that they will unquestioningly go along with its nefarious intents (ie regime change, chemical warfare, airstrikes on innocent people).
It does always seems like the US government is using mass media as it's mouthpiece to spout propaganda about the boogeyman de-jour.
Anything to deflect away from US matters at home or abroad, anything to keep the populace in constant fear and suspicion - ooh, look what the nasty commies are doing, red danger, oh oh, now it's those terrible immigrants.. oh, now it's those dastardly commies again!
Anything to deflect away from US matters at home or abroad, anything to keep the populace in constant fear and suspicion - ooh, look what the nasty commies are doing, red danger, oh oh, now it's those terrible immigrants.. oh, now it's those dastardly commies again!
This puts to rest all illusions and fantasies of 'free markets', competition, choice and free trade. Markets are political constructs and there is nothing inherently free or fair about them.
There is clearly one set of rules in operation for a chosen few whose companies get access to global markets without fearmongering and thus can grow uninhibited and then the real world where evidence-free scaremongering, demonization and sanctions are used to limit market access, sabotage others and destroy competition before it forms.
And citizens of the former get the privilege of articulating a set of free market values in a depoliticized context free world that don't hold in the real world. But its better this happens than it doesn't so the rest of the world can see through the self serving hypocrisy and plan accordingly. Those with this mindset will always find a way to limit others.
There is clearly one set of rules in operation for a chosen few whose companies get access to global markets without fearmongering and thus can grow uninhibited and then the real world where evidence-free scaremongering, demonization and sanctions are used to limit market access, sabotage others and destroy competition before it forms.
And citizens of the former get the privilege of articulating a set of free market values in a depoliticized context free world that don't hold in the real world. But its better this happens than it doesn't so the rest of the world can see through the self serving hypocrisy and plan accordingly. Those with this mindset will always find a way to limit others.
Agreed. Saying "there is something" but not revealing what it is only keeps the consumers in the dark. The Chinese would go through their entire chain to make sure they hide their tracks again, etc, so it's not like opportunities like counter-surveillance will remain. It's literally stupid to say they can't reveal what it is because there's no benefit and only makes me think Homeland services are idiots.
It seems like they're just saying:
- China makes most of the drones
- A lot of them aren't very secure
Which isn't surprising to me considering the state of things like DVR cameras (also mostly made by China, also plagued with security issues) and similar tech.
The real problem is that consumers want cheap but quality and security aren't cheap. The cost of security isn't obvious and consumers don't really know how to evaluate it.
But, when things like drones and cameras start communicating over the 5G backbone then we should maybe be concerned about who controls both of them.
- China makes most of the drones
- A lot of them aren't very secure
Which isn't surprising to me considering the state of things like DVR cameras (also mostly made by China, also plagued with security issues) and similar tech.
The real problem is that consumers want cheap but quality and security aren't cheap. The cost of security isn't obvious and consumers don't really know how to evaluate it.
But, when things like drones and cameras start communicating over the 5G backbone then we should maybe be concerned about who controls both of them.
> start communicating over the 5G backbone
5G operates at OSI layer 1 (and maybe has some impact on layer 2). I've never heard of any aspect of it changing higher layers, which is where the concerns about control come in. Is there something I'm missing?
If not, 5G has nothing to do with application-level control (eg: controlling a drone's movements, intercepting a camera feed, etc). We'll still use TCP/IP, HTTPS, and everything else we use today. It may or may not be a concern right now (due to inadequate security at the higher OSI layers), but 5G -- or any other type of network topology -- does not change this. Please don't spread this type of psuedo-technical nonsense by making statements like this, especially with anything "5G" which is a current media fascination for some reason (starting to get bored with "IoT" maybe?).
5G operates at OSI layer 1 (and maybe has some impact on layer 2). I've never heard of any aspect of it changing higher layers, which is where the concerns about control come in. Is there something I'm missing?
If not, 5G has nothing to do with application-level control (eg: controlling a drone's movements, intercepting a camera feed, etc). We'll still use TCP/IP, HTTPS, and everything else we use today. It may or may not be a concern right now (due to inadequate security at the higher OSI layers), but 5G -- or any other type of network topology -- does not change this. Please don't spread this type of psuedo-technical nonsense by making statements like this, especially with anything "5G" which is a current media fascination for some reason (starting to get bored with "IoT" maybe?).
That's not what I was suggesting at all.
If you control the cell infrastructure you absolutely can put cellular capabilities into products that aren't explicitly advertised. That would be a bigger risk for surveillance tech.
Your complaint ignores my original statement about controlling both components (cellular and device). There is no need to tamper with someone else's TLS-secured communications or anything, you can just plant cellular capabilities into the devices.
If you control the cell infrastructure you absolutely can put cellular capabilities into products that aren't explicitly advertised. That would be a bigger risk for surveillance tech.
Your complaint ignores my original statement about controlling both components (cellular and device). There is no need to tamper with someone else's TLS-secured communications or anything, you can just plant cellular capabilities into the devices.
I didn't pick up that's what you meant by "both of them" so sorry for my misunderstanding.
However I still don't think 5G is an important factor here. If you control both ends at a higher layer of the stack (eg, it's your own software connecting to your own servers) you can do whatever you'd like. If you have OTA software updates, you can do whatever you like at any point in the future. If this channel is properly secured with TLS no one can intercept or fake it, and if you want, you can design the devices so it won't work without this connectivity present (see: most cloud-based "smart home" devices on the market today).
> If you control the cell infrastructure you absolutely can put cellular capabilities into products that aren't explicitly advertised. That would be a bigger risk for surveillance tech.
So many devices already have internet connectivity built-in, and if money is not a concern you can already incorporate a GSM modem and pay for a link to the existing cellular networks -- it's not like AT&T (or whoever) is going to care what you are doing with the connection, so long as you're paying for it. You can also use other short-range radio links.
I'll grant you that 5G introduces the possibility to have this link without AT&T's knowledge -- at least assuming they don't have the ability to also detect the traffic coming out the tower's uplink. The big downside of this attack vector, aside from the immense cost and complexity of building this into 5G carrier equipment and all these devices, is if detected and blocked at the uplink all that effort is suddenly for nothing.
Basically, the 5G-specific attack vector is expensive and brittle, and thus pretty unlikely. The attack vector at application level is easy and cheap (no hardware-related costs), gets you almost all the same capabilities, and in many cases can be done today on existing in-field products with OTA software updates.
However I still don't think 5G is an important factor here. If you control both ends at a higher layer of the stack (eg, it's your own software connecting to your own servers) you can do whatever you'd like. If you have OTA software updates, you can do whatever you like at any point in the future. If this channel is properly secured with TLS no one can intercept or fake it, and if you want, you can design the devices so it won't work without this connectivity present (see: most cloud-based "smart home" devices on the market today).
> If you control the cell infrastructure you absolutely can put cellular capabilities into products that aren't explicitly advertised. That would be a bigger risk for surveillance tech.
So many devices already have internet connectivity built-in, and if money is not a concern you can already incorporate a GSM modem and pay for a link to the existing cellular networks -- it's not like AT&T (or whoever) is going to care what you are doing with the connection, so long as you're paying for it. You can also use other short-range radio links.
I'll grant you that 5G introduces the possibility to have this link without AT&T's knowledge -- at least assuming they don't have the ability to also detect the traffic coming out the tower's uplink. The big downside of this attack vector, aside from the immense cost and complexity of building this into 5G carrier equipment and all these devices, is if detected and blocked at the uplink all that effort is suddenly for nothing.
Basically, the 5G-specific attack vector is expensive and brittle, and thus pretty unlikely. The attack vector at application level is easy and cheap (no hardware-related costs), gets you almost all the same capabilities, and in many cases can be done today on existing in-field products with OTA software updates.
> The real problem is that consumers want cheap but quality and security aren't cheap.
I think it's well accepted that there's high quality standards in China (there's the whole range of quality) - for drones DJI has been a reference for example.
But tech security is such an intangible thing that most of the population doesn't understand it.
And in all honesty it seems that there's no protocol, or standard procedure, or evaluation of tech goods that come to the market and must pass security testing.
For example, with GDPR, at least a framework came out for data protection and protocols were set in place. The adoption was and still is chaotic for a lot of organizations, and it has plenty of flaws - but it is indeed something that's working towards a goal.
So far, in terms of security, it's like there's nothing in place.
I think it's well accepted that there's high quality standards in China (there's the whole range of quality) - for drones DJI has been a reference for example.
But tech security is such an intangible thing that most of the population doesn't understand it.
And in all honesty it seems that there's no protocol, or standard procedure, or evaluation of tech goods that come to the market and must pass security testing.
For example, with GDPR, at least a framework came out for data protection and protocols were set in place. The adoption was and still is chaotic for a lot of organizations, and it has plenty of flaws - but it is indeed something that's working towards a goal.
So far, in terms of security, it's like there's nothing in place.
Hmmm, it's almost like all this sensor-loaded, networked hardware, whose signing keys are held abroad, could be realistically adapted for intelligence-gathering by a push of a few buttons if a government the company couldn't blow off compelled it so, but if a script kiddie hacked them for entertainment it could still be pretty bad.
It's really not that different from the FUD about Kaspersky [1] or the still-ongoing saga of Huawei. In the past, such capability had to be deliberately planted at great effort, while these days we buy it voluntarily and spread it in our homes and businesses, fly them above our cities, and put them in networking closets to sit in the middle of all of our communication.
Sure it's FUD, but it's the government and military coming to terms with the implications of what just happened, and trying to shape the future to lessen a risk. This is orthogonal to whether they want the exact same capability for friendly-made goods, or whether there's any industry of comparable domestic goods left. Other countries, when they have a spare moment after dealing with domestic needs, are also well within their rights to feel the same kind of unease about Cisco, Juniper, Intel... hell, Tesla? Have you seen the number of cameras on that thing, and the fact that it can drive on its own?
This is the evolution of 'loose lips sink ships', where the capability of people to spread information has multiplied, but soon people won't even be necessary for information to be disclosed. Their consumer goods will do it for them.
[1] https://news.ycombinator.com/item?id=17193172#17193475
It's really not that different from the FUD about Kaspersky [1] or the still-ongoing saga of Huawei. In the past, such capability had to be deliberately planted at great effort, while these days we buy it voluntarily and spread it in our homes and businesses, fly them above our cities, and put them in networking closets to sit in the middle of all of our communication.
Sure it's FUD, but it's the government and military coming to terms with the implications of what just happened, and trying to shape the future to lessen a risk. This is orthogonal to whether they want the exact same capability for friendly-made goods, or whether there's any industry of comparable domestic goods left. Other countries, when they have a spare moment after dealing with domestic needs, are also well within their rights to feel the same kind of unease about Cisco, Juniper, Intel... hell, Tesla? Have you seen the number of cameras on that thing, and the fact that it can drive on its own?
This is the evolution of 'loose lips sink ships', where the capability of people to spread information has multiplied, but soon people won't even be necessary for information to be disclosed. Their consumer goods will do it for them.
[1] https://news.ycombinator.com/item?id=17193172#17193475
Isn't it the same with the US government? They can request info from any US company using the well known NSA letters.
It looks like the US technology is a national security risk for any other sovereign nation.
It looks like the US technology is a national security risk for any other sovereign nation.
World: We're not being paranoid. US drones kill innocent civilians around the world.
They're really beating the drum on China. Be intensely suspicious. China is a trading partner that does some shitty things (e.g. in Xinjiang province), but the nation focused on world domination is the one right here.
They're really beating the drum on China. Be intensely suspicious. China is a trading partner that does some shitty things (e.g. in Xinjiang province), but the nation focused on world domination is the one right here.
You're comparing apples and oranges. US drones aren't doing fully autonomous killing, they're killing through policies of leaders you help elect. That's the apples. The oranges is tech we purchase (drones in particular) having backdoors. Why do you think these two are comparable?
yeah, it's more comparable to Androids and iPhones.
the US government could deploy an update to turn any phone into a spy device because both apple and Google are headquartered in the US
the US government could deploy an update to turn any phone into a spy device because both apple and Google are headquartered in the US
You say that like it's a settled issue and I don't think it is. If the capability is there, companies can be compelled to use it. If the capability doesn't exist, it isn't clear that companies can be compelled to invent it.
It's unfortunately a reality for us down under though - so it's not beyond the realm of imagination
If you are presented with two candidates that both are pro killing, you have no free choice, it's a managed democracy.
I really hate that I had to upvote this.
The problem that US is facing is the loss of credibility over time. It reminds me of The Boy Who Cried Wolf. US doesn't have the credibility to convince the world anymore, even if the threat is real..
There is a lot of rebuilding the US has to do. First fix the politics which is rife with petty interests, lobbying, political imbalance very skewed towards corporations over citizens, extreme polarization, 2 party system, hypocrisy,etc..
But all that, with great effort, can be fixed. A purge is needed, not just try to shove the dirt under a carpet and pretend all is nice and dandy.
There is a lot of rebuilding the US has to do. First fix the politics which is rife with petty interests, lobbying, political imbalance very skewed towards corporations over citizens, extreme polarization, 2 party system, hypocrisy,etc..
But all that, with great effort, can be fixed. A purge is needed, not just try to shove the dirt under a carpet and pretend all is nice and dandy.
The other thing that has happened is the internet and the free flow of information. It is no longer the case of manipulating 3-4 media outlets. People get their information at thousands of different places. I think its not really a loss of credibility, but the normalization of credibility based on a huge pool of information, rather than a restricted one.
I was referring to past actions of the US that proved to be unjustified and disastrous: WMDs in Iraq, Libya, Afghanistan, etc.. This is related to the normalization of credibility based on information ubiquity, but I think it's mainly US's actions speaking for themselves. After the WWII us has become a policing force that more or less , with the exception of the Vietnam war, wasn't as active in foreign wars as they've been recently. The Vietnam war fuckup was largely forgotten or attributed to a different America that had changed. But the recent wars were also pointless and proved otherwise.
Once again, US has the ability to change, but it will take a lot of effort to do so and will have to start leading by example.
Once again, US has the ability to change, but it will take a lot of effort to do so and will have to start leading by example.
> I think its not really a loss of credibility, but the normalization of credibility based on a huge pool of information
That's a great point. It's like the "credibility bubble" burst due to the increased inflow of information, and the public is correcting toward a more realistic valuation - which is to say, recognizing propaganda for what it is, and rightfully being critical of mass media.
I'm also seeing that there are massive investments being made to regain the trust bubble through social media. Historically, the public seems to have short-term memory though..
That's a great point. It's like the "credibility bubble" burst due to the increased inflow of information, and the public is correcting toward a more realistic valuation - which is to say, recognizing propaganda for what it is, and rightfully being critical of mass media.
I'm also seeing that there are massive investments being made to regain the trust bubble through social media. Historically, the public seems to have short-term memory though..
The newspapers and their online equivalents get their information from the same newswires. You only have to manipulate those few original and allegedly reputable sources and the media echo chamber makes it appear there is a 'free press' with every journalist doing investigative journalism. In reality it is a copy and paste operation, newspapers just take what there is on the newswire and dumb it down a bit for their audience.
The solution to this problem are laws that require devices like this to support self-hosted servers for OTA, data, or anything else. You should not be required to use a vendor’s services AND the vendor should not be allowed to implement permanent back-doors.
The problem, of course, is that runs afoul of US espionage and law enforcement demands that they have access to such data themselves.
They want it both ways in a world where you literally, cannot have it both ways. US cyber policy on this front has been a disaster.
The problem, of course, is that runs afoul of US espionage and law enforcement demands that they have access to such data themselves.
They want it both ways in a world where you literally, cannot have it both ways. US cyber policy on this front has been a disaster.
You don't need laws for that. You just need companies offering it and consumers choosing it. Which won't happen until it's easy to do.
Consumers can change a lightbulb and little else. Make it that simple.
Consumers can change a lightbulb and little else. Make it that simple.
Says the country whose NSA scoops up on every piece of data and spies on everyone, including their own citizens.
Why don't you learn more about "Prism Event"?
> DJI offered a bounty for researchers to uncover bugs in its drones
I'm not sure they understand how bug bounties are supposed to work...
https://arstechnica.com/information-technology/2017/11/dji-l...
I'm not sure they understand how bug bounties are supposed to work...
https://arstechnica.com/information-technology/2017/11/dji-l...
Isn't this the US's fault for letting manufacturing move to China in the 1980-present? Any large global migration of industry will have this same threat eventually.
Lack of foresight is a collective trait of the human condition. It'd be interesting to see who the protestors of said outsourcing in the 80s were, and see what they say now. How did they foresee it in the first place? Is the current outcome better or worse than they thought it'd be? What's their current prediction for the state of things in another 40 years? A good article topic for the journalists out there.
Lots of people saw it. It was obvious if your job was being outsourced or if your factory was being closed, quite apparent if no new machinery was being invested in.
At the time Ronald Reagan and Margaret Thatcher were around and all of this was discussed. The predicted decline happened. There are capitalist rent seeker types that are okay with it, they also voted for the lunatic politicians. The people not so happy about it don't get to write for the capitalist newspapers giving the illusion to people with no skin in the game that 'nobody predicted this calamity'.
So predictions for forty years hence? It does not work like that, does it? Back in the 1980's you just knew that if manufacturing was gone that there would be no market for locally made goods, no possibility of exporting quality stuff on the world market and that we would not be able to drive prosperity on the back of financial services forever.
If you push someone over a cliff you are not sure whether they will break their neck, crack their head open or get impaled on a spike, all you know is that the outcome will not be a good one.
Right now we are using far too much in the way of fossil fuels, the climate is not right and it is getting worse. I don't know how ravaged the world will be in forty years hence, all I do know is that carrying on as we do is not a good idea.
At the time Ronald Reagan and Margaret Thatcher were around and all of this was discussed. The predicted decline happened. There are capitalist rent seeker types that are okay with it, they also voted for the lunatic politicians. The people not so happy about it don't get to write for the capitalist newspapers giving the illusion to people with no skin in the game that 'nobody predicted this calamity'.
So predictions for forty years hence? It does not work like that, does it? Back in the 1980's you just knew that if manufacturing was gone that there would be no market for locally made goods, no possibility of exporting quality stuff on the world market and that we would not be able to drive prosperity on the back of financial services forever.
If you push someone over a cliff you are not sure whether they will break their neck, crack their head open or get impaled on a spike, all you know is that the outcome will not be a good one.
Right now we are using far too much in the way of fossil fuels, the climate is not right and it is getting worse. I don't know how ravaged the world will be in forty years hence, all I do know is that carrying on as we do is not a good idea.
One concept that always struck me as bizarre, was "we'll move the manufacturing overseas, but the manufacturing engineering will remain in the US". Years later, I asked a Harvard economics professor about it. He said yes, he'd taught that... "the ideas were in the air" (paraphrase - it's been years).
So one problem I have with much analysis of Trump populism, is its failure to recognize that subcultures doing group-think, believe absurdities, and tolerating being lied to, are a broader problem, worthy of more fundamental analysis, and an opportunity for broader remediation.
So one problem I have with much analysis of Trump populism, is its failure to recognize that subcultures doing group-think, believe absurdities, and tolerating being lied to, are a broader problem, worthy of more fundamental analysis, and an opportunity for broader remediation.
Sure, but even when it's your own fault, you have to fix something bad happening to you.
>"[If] you fly a drone above a pipeline, there's a pretty good chance someone is gonna see it up there," he said, but "a spy satellite just takes a picture from 120 miles up or whatever. Then, of course, no one's going to know what happened."
You have to be kidding, no one is going to notice a white drone 3km[0] above them, if there even is anyone around to notice. Sure, a spy sat is better, but it's also orders of magnitude more expensive, can't loiter[1], and might still have inferior imaging. This is just embarrassing.
[0]: https://en.wikipedia.org/wiki/DJI_(company)#Phantom [1]: Spy satellites pretty much always orbit faster than the earth turns in order to have better coverage.
You have to be kidding, no one is going to notice a white drone 3km[0] above them, if there even is anyone around to notice. Sure, a spy sat is better, but it's also orders of magnitude more expensive, can't loiter[1], and might still have inferior imaging. This is just embarrassing.
[0]: https://en.wikipedia.org/wiki/DJI_(company)#Phantom [1]: Spy satellites pretty much always orbit faster than the earth turns in order to have better coverage.
Security researchers in the field have been talking about this for several years. DJI absolutely dominates the consumer/pro UAV market so this is a real issue.
Source: I had a UAV related startup several years ago and got to know some of the security folks.
Source: I had a UAV related startup several years ago and got to know some of the security folks.
> I had a UAV related startup several years ago and got to know some of the security folks.
Oh, excellent, you are confirming that 'spying' issue is real and you seem to be the one who can give us some real insight - can you provide names of "the security folks", maybe some links to their research where we all could see proof for all these claims?
Oh, excellent, you are confirming that 'spying' issue is real and you seem to be the one who can give us some real insight - can you provide names of "the security folks", maybe some links to their research where we all could see proof for all these claims?
The real issue is security or the real issue is a non-US company dominating in a tech field?
I remember having a conversation with my U.S. Army archaeologist friend about using drones for remote sensing in restricted areas and he showed me the DJI drone that's been sitting on their shelf for months because the folks upstairs said they can't fly chinese anything in restricted areas.
Apparently the army does have drones that are sufficiently american to be flown in restricted areas but my friend doesn't know who is making them or how a civilian like myself could acquire one.
I would like to get one for my biologist friend who would like to use it to detect invasive plant species.
Apparently the army does have drones that are sufficiently american to be flown in restricted areas but my friend doesn't know who is making them or how a civilian like myself could acquire one.
I would like to get one for my biologist friend who would like to use it to detect invasive plant species.
This[1] suggests "Parrot, Skydio, Altavian, Teal Drones, Vantage Robotics, and Lumenier" might be companies to check.
[1] https://www.globenewswire.com/news-release/2019/05/28/185110...
[1] https://www.globenewswire.com/news-release/2019/05/28/185110...
Thanks for the tip. I'll look into these companies and run my findings by my government friends.
"I'm not being paranoid": warns of propaganda mouthpiece dangers of twice a day China threat articles on Hacker News. Yeah.
"I'm not being paranoid", said every paranoid ever
The fact you are paranoid does not mean they are not after you.
But makes it more likely that you'd be seeing stuff that isn't there. And stating one is not paranoid does not convey any kind of useful information since the most paranoid are usually the ones who will be more convinced they aren't. Case in point, I don't know if US is being paranoid on this or not and I couldn't care less. I was just pointing out the general case of how ironic it is for someone to argue that they are not being paranoid.
People used to say "Five Eyes" is just a conspiracy theory. And then Snowden showed up.
"Alexa, please ask NSA to provide me with the traces of network exchanges initiated by my chinese drone"
[deleted]
I wonder how much of this becomes a self-fulfilling prophecy, aided in part by ongoing weaponization of inter-nation trade discussions by targeting firms from China (arrests of executives, bans, etc).
Of course, I've seen it argued that China has been targeting US firms for a decade in various ways - which only makes the events this year yet another escalation of action.
> "The Communist Party of China now has in their law the ability to interfere and take information from virtually every Chinese company,"
I think that not only the Communist Party of China but all the political systems around the world have the ability to demand lawful access to information from virtually every company that is supposed to comply with their laws.
I think that not only the Communist Party of China but all the political systems around the world have the ability to demand lawful access to information from virtually every company that is supposed to comply with their laws.
The problem (or a problem) is that the rule of law in China is apparently capricious and unpredictable.
Is this the whole Furby scare from 20 years ago[1]? Granted the tech is much more advanced and it's more plausible today. All the fear mongering is fatiguing.
[1] https://www.cbsnews.com/news/talking-toy-or-spy/
[1] https://www.cbsnews.com/news/talking-toy-or-spy/
"We're not being paranoid"
No, but the amount of suggestive "Might" "Could" etc titles/articles now out there shows a whole other picture. China is now the new enemy. And everybody must know apparently.
Even respectable news outlets can't resist the temptation of completely unfounded copying of the American media machine.
I'm not stating China is so innocent, but sorry there is only one country in the world systematically spying, bombing and manipulating friend AND enemies alike. And that's the USA.
So please, my dear Americans. Stop it yourself and we might lend you our ear again. Sincerely, a fellow world citizen, located in Europe.
No, but the amount of suggestive "Might" "Could" etc titles/articles now out there shows a whole other picture. China is now the new enemy. And everybody must know apparently.
Even respectable news outlets can't resist the temptation of completely unfounded copying of the American media machine.
I'm not stating China is so innocent, but sorry there is only one country in the world systematically spying, bombing and manipulating friend AND enemies alike. And that's the USA.
So please, my dear Americans. Stop it yourself and we might lend you our ear again. Sincerely, a fellow world citizen, located in Europe.
adventured(2)
>but sorry there is only one country in the world systematically spying, bombing and manipulating friend AND enemies alike. And that's the USA.
*and Germany. Don’t forget, every U.S. (and Saudi) Abrams tank has a Rheinmetall cannon.
https://spiegel.de/international/germany/german-intelligence...
https://www.thelocal.de/20190311/germany-fourth-largest-expo...
https://www.euractiv.com/section/economy-jobs/news/germany-e...
*and Germany. Don’t forget, every U.S. (and Saudi) Abrams tank has a Rheinmetall cannon.
https://spiegel.de/international/germany/german-intelligence...
https://www.thelocal.de/20190311/germany-fourth-largest-expo...
https://www.euractiv.com/section/economy-jobs/news/germany-e...
I feel like your comment resonates with deep anti-American prejudice by making lofty unsubstantiated claims and has a bit of condescending elitist sentiment. The reason why I read HN comments is for informative, objective and interesting arguments.
[deleted]
Something I've wondered- why hasn't Lenovo received the same flack that DJI and Huawei received?
It's because Lenovo don't dominate their market as much as DJI dominate the drone market or Huawei the telecom.
Lenovo does nothing more than assemblying, and their acts on PC can be easily identified.
No, assembling means more security risks, as it could temper more parts.
However, trump saying that Huawei could be part of the trade deal means banning Chinese companies has nothing to do with security. The US didn’t go after Lenovo simply because assembling isn’t a high value add process and doesn’t threat US tech leadership. Huawei got banned because its tech is too advanced.
However, trump saying that Huawei could be part of the trade deal means banning Chinese companies has nothing to do with security. The US didn’t go after Lenovo simply because assembling isn’t a high value add process and doesn’t threat US tech leadership. Huawei got banned because its tech is too advanced.
[deleted]
I just got a DJI Mavic Air to take pictures and videos when we go hiking. Now I feel weird.
So I guess it's fine for the US to ship Intel hardware with suspected backdoors in the ME. But it's somehow unacceptable for the Chinese to be rumoured to do the same?
From the US point of view, that's a perfectly reasonable position to take. (See also my reply here: https://news.ycombinator.com/item?id=19975483)
Now they know how everyone else feels
Why not resolve the 737 MAX issues first, if we are worried about flying things causing damage?
This is not even the same Department. A government can and should have multiple simultaneous priorities.
A government also can and should prioritize amongst multiple simultaneous priorities.
They do. That's why governments have different departments (DHS and DOT in this case) and associated, prioritized budgets.
No I am talking about more directly. As an obvious example, in wartime everything goes to support the defense of the nation and is shifted to support that goal.
Same branch, but no coordination, right?
These vague "The Chinese are up to something but we cannot reveal what" isn't really helpful, particularly given the current trade tensions (and political motivations e.g. "bring jobs home").
I'm not really "siding" with the Chinese, they may be up to something, but the US has really done themselves a great deal of damage when their own allies don't really believe them.
Just publish technical information. It isn't hard. It would do huge damage to the Chinese and reinforce the US's whole argument. But yet after over a year, nada.