Recorded Future – a security firm in China published a detailed report over the impacts of China’s updates to its Cybersecurity law which came online last November. Now they can hack any online services company in China for searching for the security flaws. Moreover, while doing so, they can access and copy all the user data as well.
These new provisions have the goal of protecting Chinese citizens by letting the MPS (Ministry of Public Security) to perform onsite or remote penetration testing and networks analysis. MPS is allowed to target any company in China which provides internet services and having online computers in China.
On the other hand, this is a strange thing though. It’s not mentioned anywhere that MPS must have to disclose the security flaws to the company or helping them to patch the flaws. Furthermore, they won’t mention which part of the company’s network they are testing and which data they are copying.
The Chinese government gets a copy of all the user data a company has connected to its Chinese network and this can be extended to other countries as well depending on the company.
Ministry of Public Security can come to any company’s doorsteps anytime and that’s not necessarily how they’ll access information. Penetration testing which is done to find flaws by hacking into networks doesn’t have to stop when the flaws are exposed. MPS is permitted that if they like they can exploit any flaws they find.
Even in case if the MPS has found no vulnerabilities, it has the power to force the company into creating a backdoor.
Get real time update about this post categories directly on your device, subscribe now.