It has been reported recently in telegraph UK that a large scale fraud has been discovered in UK where the Credit Card swiping devices supplied by China were found to have been tampered with in such a manner that the swiped card data was being sent to China and Pakistan for cloning.
The incident reveals a possible terrorist link or perhaps the involvement of the Chinese authorities as a part of the Cyber War preparation.
Security observers have also revealed that Chinese mobiles have been found to have backdoors which can be used to remotely switch on the phone and listen into conversations.Â Indian authorities have found that lots of mobile phones shipped from China carry the same IMEI making them handy for criminal activities.
These developments underscore the security risks for India if it continues to allow unrestricted imports of Chinese computer hardware into India.
Recently the Reserve Bank of India has allowed Banks to conduct mobile banking transactions.
In the light of the observations of security threats observed in Chinese imports, it is necessary for Indian Banks to confirm to the public that the Credit Card swiping devices supplied by them to merchants in India are genuine and does not contain any malicious codes. Reserve Bank of India should also make it mandatory to for the Banks to conduct security audits of their hardware particularly if they are imported from China. Any re seller in India selling Chinese hardware including IBM machines should give a certificate to the consumers and the Indian authorities that the chips are free from malicious codes. CERT-In should conduct surprise audits of some of the Chinese devices used in India to ensure that the poisoned devices have not been in use in India. Government should also take effective steps to ban import of mobiles from China unless the mobiles are security cleared.
In case these security initiatives are ignored, law may consider this as “lack of Due Diligence” and make the respective organziations liable if any frauds are committed.
Naavi of Naavi.org