Concerns over data leaks and hacking risks from Chinese applications and smart devices are growing after it was revealed that the AI chatbot DeepSeek transferred user data to ByteDance, TikTok’s parent company.
According to security experts on Feb. 21, there are four main types of vulnerabilities in Chinese IT products and services, including shopping apps like AliExpress and Temu, IP cameras, and robot vacuums. These risks include potential backdoors embedded during manufacturing and weak encryption.
First, backdoors are vulnerabilities embedded in devices that allow manufacturers or third parties to gain unauthorized access and secretly transmit personal data. Data leaks occur when apps or devices send sensitive information—such as keyboard inputs and clipboard contents—to external servers without user consent.
Supply chain attacks involve inserting malicious code into IT products during manufacturing or distribution. A notable case is when suspected Chinese spy chips were found in Supermicro server motherboards in 2018. Weak encryption is another major concern, as some IP cameras and network devices transmit data unencrypted, leaving them highly vulnerable to hacking.
Jeon Deok-jo, CEO of network detection and response (NDR) firm CQVista, said, “The most common method is embedding backdoors during manufacturing. In fact, there have been cases where CCTV cameras installed in public institutions transmitted footage to China.” He added that similar security vulnerabilities have been found in surveillance cameras at military facilities, municipal CCTV systems, and home IP cameras. “Since these backdoors are hard to detect with standard security solutions, closely monitoring network traffic after installation is crucial to identify unauthorized data transfers,” he said.
Security experts warn that Chinese hacker groups often attempt attacks by distributing malware-laden products or operating fake websites. Lee Ho-seok, team leader of SK Shieldus' white-hat hacker group EQST Lab, said, “Some Chinese hacker groups sell USB drives preloaded with malware. In one case, an unusually cheap USB purchased from overseas direct-purchase sites like AliExpress was designed to immediately execute malware upon plugging it into a computer.” He added that while app permission structures have improved, the risk of exposing personal data remains if users unknowingly grant access. “Some fake Chinese websites, disguised as YouTube video download sites, spread ransomware, so extra vigilance is essential,” he warned.
The security industry warns that Chinese IT devices may not only lead to personal data leaks but also act as gateways for larger hacking attacks. Hidden backdoors in USB drives or IP cameras could expand the scope of these attacks to corporate and public institution networks, risking rapid leakage of confidential information to countries like China.
Youm Heung-youl, a professor of information security at Soonchunhyang University, said, “The most serious issue is that users have no way of knowing what information is being collected or where it’s being sent,” adding, “If personal data is transferred overseas, explicit consent is required. However, some Chinese services may fail to inform users or bypass this requirement, collecting personal data without authorization.”
