The increasing China-US tensions have sparked a heightened sense of caution among Americans and the US government when it comes to Chinese-owned technologies, encompassing platforms like TikTok, Huawei routers, and DJI drones.
However, due to the complex nature of the hardware supply chain, encryption chips produced by a subsidiary of a company linked to the Chinese military, which has been explicitly warned against by the US Department of Commerce, have managed to infiltrate the storage hardware used in sensitive military and intelligence networks across Western nations.
Hualan, along with its subsidiary Initio, formerly based in Taiwan before being acquired in 2016, continues to supply encryption microcontroller chips to Western manufacturers of encrypted hard drives. Notably, these manufacturers have prestigious customers in the aerospace, military, and intelligence sectors, such as NASA, NATO, and the US and UK armed forces, as can be seen on their official websites.
Security researchers and analysts who specialize in China’s national security have expressed concerns regarding the ownership of the chip vendor. They fear that these chips might contain hidden backdoors, which could potentially allow the Chinese government to decrypt confidential information held by Western agencies without detection.
While no evidence of such backdoors has been found so far, security researchers emphasize that detecting them would be extremely difficult.
WIRED attempted to contact Hualan for comments on multiple occasions but did not receive a response. However, Mike Ching, a spokesperson for Initio, clarified that Initio primarily focuses on developing controller chips for consumer storage products.
He stressed that all of their current products are developed internally by Initio and confidently stated that the company does not possess the capability to incorporate backdoors into their products.
Along with contacting Hualan and Initio, WIRED also reached out to numerous customers of these companies, which included NATO, NASA, the US Navy, the US Army, the DEA, and the FAA.
While the respondents chose not to comment on the specific hardware they acquire, statements from NATO, the US Navy, and the UK Ministry of Defence highlighted their stringent evaluation process regarding the security of the technology they employ.