
The headline may not be fully accurate. Maybe only 99% accurate. What we know for sure is that Chinese makers of electronics and software used in the United States keep installing secret or open means of collecting our information and sending it somewhere in China.
The latest devious operator in the news is a patient monitor made by Contec Medical Systems, the Contec CMS8000 (“Chinese-Made Patient Monitor Contains a Secret Backdoor,” PC Mag, January 31, 2025).
A medical device used in hospitals has been found hosting a backdoor, paving the way for an unauthorized user to remotely control and tamper with the equipment.
The threat was discovered in three firmware versions for a patient monitor called the Contec CMS8000 (also sold as the Epsimed MN-120), which can display a user’s vitals, including heart rate, according to an advisory from the Cybersecurity and Infrastructure Security Agency (CISA).
The equipment, from China-based Contec Medical Systems, was mysteriously configured to connect to an IP address for a third-party university with no connection to the manufacturer.
Anyone at the unnamed third-party university could scoop up and “exfiltrate” the patient’s data as long as the CMS8000 is connected to the Internet. When the backdoor is used, “files on the device are forcibly overwritten, preventing the end customer—such as a hospital—from maintaining awareness of what software is running on the device,” according to the CISA report.
The backdoor cannot currently be closed. So CISA’s advice is to stop using the CMS8000 or use “only the local monitoring features.” Following the latter advice means getting off the Internet by unplugging the Ethernet cable and disabling Wi-Fi or cellular access to the Internet.
Also see (as suggested by Instapundit):
Free Beacon: “This Chinese Drone Company Found a Workaround to Congress’s Ban on Doing Business in the US”
“Federal authorities have long harbored concerns that DJI drones flying in American airspace surreptitiously transmit sensitive surveillance data back to the Chinese Communist Party.”
Bloomberg: “Vodafone Found Hidden Backdoors in Huawei Equipment”
Malwarebytes: “Former TikTok exec: Chinese Communist Party had ‘God mode’ entry to US data”
“According to his claims, the CCP had its own office inside ByteDance’s headquarters.”
Wired: “DeepSeek’s Popular AI App Is Explicitly Sending US Data to China”
“The AI setup appears to collect a lot of information—including all your chat messages—and send it back to China. In many ways, it’s likely sending more data back to China than TikTok has in recent years…. ‘We store the information we collect in secure servers in the People’s Republic of China.’ ”