A Greens senator warns there is “no way of knowing” if Australian MPs and government officials have been spied on using cameras that have been found to be vulnerable to hackers.
It was revealed in Senate estimates this week the electorate offices of 88 Australian federal MPs had been outfitted with Chinese-made cameras that have been banned by governments in the United States and the United Kingdom because they have been deemed to pose a national security risk in those countries.
“The nature of this security risk means we have no way of knowing if members of Parliament or senior government officials have been spied on,” Greens Senator David Shoebridge told Crikey.
“This is why the previous failure to act is even more troubling.”
His comments came after a heated back-and-forth in estimates with Australian Signals Directorate (ASD) director-general Rachel Noble, who defended her agency’s actions after it was revealed it gave a two-sentence response to concerns raised about the cameras in 2021.
“Vendor choice is a matter for individual government departments and entities. ASD provides technical advice and assistance, including supply chain guidance which is available on cyber.gov.au,” the response read.
“ASD has published guidance on identifying supply chain risks which is available on cyber.gov.au.”
Shoebridge suggested to Noble the cameras had been allowed to continue operating for more than a year after the November 2021 advice because the ASD had “dodged the question”.
“ASD has fulfilled the role required of it to provide technical advice about the threats of internet-of-things devices … and I believe that we have acquitted our responsibility in that regard,” Noble responded.
CCTV cameras made by two Chinese manufacturers are of concern: Hikvision and Dahua.
ASD did publish a “critical” warning about Hikvision products on its website in September 2021, saying a vulnerability had been identified that “could allow a cyber actor to take full control of the vulnerable device”.
The alert went on to advise that the cameras should be taken off the internet in order to mitigate the risk.
Dahua published a similar security warning about some of its products in June 2022.
“We know that security alerts were issued for these products on more than one occasion last year but it appears the government failed to pay attention until the issue found its way to the media,” Shoebridge said.
“It’s hard to have faith in the capacity of the Commonwealth to protect our online privacy and safety when the official advice from its main IT agency was ‘nothing to see here’.”
Noble said during her estimates appearance that “ultimately, the choice of equipment and vendors is a matter for individual government departments”.
The federal government said earlier this week it was in the process of getting rid of all vulnerable devices from electorate offices and that 45 offices still had cameras that needed to be removed.
Chinese foreign ministry spokesperson Wang Wenbin told reporters this week Australia was overreacting and said Beijing hoped Chinese companies would be treated in a “fair, just and non-discriminatory” way.
“We oppose erroneous practices of over-stretching the concept of national security and abusing state power to discriminate against and suppress Chinese companies,” he said.
You forgot to mention Senator James Paterson’s grandstanding on this, urging the removal of the cameras asap, while neglecting to mention Dutton was the responsible minister when the were installed. One lazy hack at Nine media wrote that Paterson had “led the investigation”, which is yet one more example of the failure of mainstream media.
Given that the “security vulnerability” identified in 2021 was identified by the camera manufacturers (not by the Australian Suckholes Directorate) AND a firmware fix was also supplied by these manufacturers, it’s hard to see that there is any desire to “spy” on the Federal Government.
Any equipment provided by any manufacturer to either Government or anything that is (actually) critical should be fully pen tested before installation. Looks like this didn’t happen amd is yet another “Public Service” fail. Your tax dollars not at work as usual.
But… but… China! I assume that now, any use of iPhones (made in China) by politicians and public servants will be banned also. We really are becoming as stupid as the US.
We are already so far up the US anal passage it’s not funny. Of course they could switch to Android (the majority of which are made in China too) but what then? Successive Australian governments have turned our largest trading partner into an apparent “challenger” at the behest of the United Snakes.
I think there’s a difference between using phones that are just made in China and security cameras made in China developed by a Chinese company.
Plus Apple like it or not is really anal about their security processes and an advantage is that it’s dead easy to use for a layman compared to an Android device. I prefer to use Android personally but if I wanted an enterprise with tech illiterate people to work for me, I would shell out for iPhones over Android for sure, less crashes and headaches.
If it’s on the internet it can be hacked. Including that camera that’s looking at you right now, on your computer, Mr President.
The US Airforce has Chinese-made components in it’s F-35 Strike fighters. The WORLD virtually handed over manufacturing to China decades ago………
Chinese Alloy Is In Every F-35, Pentagon Seeks Waiver To Continue Deliveries (thedrive.com)
Apparently the issue was the inclusion of Chinese made alloy.
I’m not paranoid but maybe we should shoot down all those Made In China drone toys flying around with our new F35s and their missiles.
Albo, if you have concerns ring Joe B for advice – I sure Dutton will support your decision.