(WASHINGTON) — Internet-connected cameras made in China are giving the Chinese government the ability to “conduct espionage or disrupt US critical infrastructure,” according to a Department of Homeland Security bulletin obtained by ABC News.
The cameras typically lack data encryption and security settings and, by default, communicate with their manufacturer. It’s believed there are tens of thousands of Chinese-made cameras on the networks of critical U.S. infrastructure entities, including within the chemical and energy sectors, the bulletin said.
Chinese cyber-operatives have previously exploited internet-connected cameras and the fear is China could gain access and manipulate systems without tighter restrictions on these cameras, the DHS warns.
“A cyber actor could leverage cameras placed on IT networks for initial access and pivot to other devices to exfiltrate sensitive process data that an actor could use for attack planning or disrupting business systems,” the bulletin said. “A cyber actor could use cameras placed on safety systems to suppress alarms, trigger false alarms, or pivot to disable fail-safe mechanisms.”
So far, China has successfully kept U.S. regulators from blocking the use of internet-connected cameras made in China through the use of a practice known as “white labeling,” where the cameras are imported after they’re packaged and sold by another company, according to the bulletin.
“Broader dissemination of tools designed to help recognize PRC cameras, particularly white-labeled cameras, could tighten enforcement of the 2022 Federal Communication Commission (FCC) ban on the import of these cameras and help mitigate the threat of PRC cyber actors exploiting them for malicious purposes,” the bulletin said.
An estimated 12,000 Chinese-made internet-connected cameras were in use at hundreds of critical U.S. infrastructure entities as of early 2024, according to the bulletin.
The number of cameras installed in U.S. networks is estimated to have grown by up to 40% from 2023 to 2024 despite the FCC ban on their import, likely due to white labeling, the bulletin said.
Chinese state-sponsored cyber actors have “extensively targeted” vulnerabilities of Chinese-made cameras since at least 2020, according to the bulletin.
In one instance, in March 2024, Chinese-made cameras at a U.S. oil and natural gas firm communicated with China-based servers, “including one possibly associated with a PRC state-sponsored cyber actor,” according to the Office of the Director of National Intelligence’s Commercial Cyber Threat Intelligence Program.
The bulletin comes amid national security concerns regarding Chinese technology like TikTok and, more recently, DeepSeek.
DeepSeek, a new artificial intelligence tool, has code hidden in its programming that has the built-in capability to send user data directly to the Chinese government, experts told ABC News this week.
The potential risk DeepSeek poses to national security may be more acute than previously feared because of a potential open door between DeepSeek and the Chinese government, according to cybersecurity experts.
The nation’s communications networks are another area of concern regarding Chinese hackers. Last year, a Chinese hacking and espionage campaign scooped up data on hundreds of thousands of American mobile phone users, likely stealing information from more than 1 million customers, in what one senator called the “worst telecom hack in United States history.”
Copyright © 2025, ABC Audio. All rights reserved.
