Meriton apartment and suite users should be very cautious of what they say or do in a Meriton property because it may use routers, Wi-Fi, Doorbell cameras, and building surveillance – Huawei surveillance systems – according to two cybersecurity experts.
While GadgetGuy sees this as a ‘sky is falling’ a.k.a. fake news statement UNSW director of Canberra Cyber and former AFP officer Nigel Phair, and cybersecurity expert Daniel Weis, have gone on record at News Corp (sorry the link has a paywall) that residents should be wary of Huawei surveillance.
“I see it [Huawei surveillance] as a problem because we do not know the level of its eavesdropping capability. What about high-level corporate [or government or military] executives who live in these buildings? Until we get answers to these tough questions, we just do not know,”
“China operates entirely by its own set of rules. Huawei products have now been banned in a lot of Western countries and removed as a supplier for 5G networks. Any Huawei device could potentially be a ‘backdoor’ allowing the Chinese government to spy on and/or intercept the data.”
“Many infrastructure businesses still recommend Huawei equipment without knowing the risks. Most of the time it is because Huawei is cheaper and better suits the bottom line of the organisation or body that is pushing the equipment.”
While the Huawei surveillance accusation lacks proof, the mud sure sticks
Let’s be clear – almost any IoT device can be subverted for surveillance.
Huawei did not sell the gear to Meriton nor did Meriton specify it – so both
are in the clear.
And while the commentators are respected, neither have offered proof. I suspect that what they should have said is that any equipment of any brand, not necessarily made in China is capable of subversion. That is closer to the mark than focussing on an easy geopolitical target like Huawei.
But to be clear, our Government is the only one that has the
right to select equipment that it is satisfied will protect our national security
interests. What goes on at Meriton is not worth a hill of beans.
Meriton selected suppliers, LBNCo or Opticomm as infrastructure
providers in place of NBN during construction and FuzeNet as the initial retail
service provider (which an occupant can either opt-in or not). The offending
gear first started use in 2014 in tens of thousands of apartments.
In most cases, the infrastructure had to be private, e.g. fibre
to the basement and linked to FuzeNet, a carriage service provider as NBN was
not in the area.
It is called full-line forcing and Meriton is changing its ways
If you want ‘cabled’ speeds, you must use Fuzenet. Alternatively,
you can use 4G wireless broadband from Optus or Telstra – at least one of those
uses a Huawei modem/router!
Full line forcing (exclusive dealing) or third-line forcing
(making you use a recommended supplier) occurs when one person trading with
another imposes some restrictions on the other’s freedom to choose with whom,
in what, or where they deal. Exclusive dealing is against the law when it
substantially lessens competition.
In Meriton’s case, the NBN infrastructure was not available at
the time of construction and FuzeNet stepped up and charged whatever it could.
Now there are alternatives like 4G broadband, and we understand some properties
are being cabled for NBN as well. But often re-cabling is not viable.
How can you protect yourself from snooping?
Our best advice, not just to Meriton residents, is to use a paid VPN and never use a free one. And you have the option of 4G wireless, albeit slower and more expensive.
If you are worried about the door chime/camera/intercom system,
then raise the issue with the building manager and ask what guarantees it can
give. Having stayed at several Meriton properties that use this system, I am
happy as at least the ones I have seen require a physical handset to be lifted
off the hook to activate them. I am glad that the experts missed the fact that
any fire-alarm speaker system can easily listen in on conversations.
We are investigating a new breed of ‘anti-snooping’ black boxes that you place between the router and your network. Some are from reputable companies like D-Link with its McAfee based D-Fend series, and so far that is the only one to get the tick. It will also protect IoT devices like security and baby cameras from external hacks.