Chinese store owners in Qingdao ordered to switch to government-verified routers for Wi-fi service
Replacement routers made by Beijing-based supplier have ‘multiple critical vulnerabilities’, says US company
Stores offering Wi-fi to customers in eastern China’s Qingdao city have received an order from the local police asking them to replace their routers with government-verified ones.
Businesses refusing to replace their routers will face fines of up to 100,000 yuan (US$18,589), according to a statement issued by a district police station under the Qingdao Public Security Bureau. The government will provide the store owners with the new routers, which are powered by Qualcomm chips, with the cost of the router and its installation fully covered.
The merchants will, however, pay a deposit of 100 yuan that will be refunded when the business moves or ceases operation.
Store owners will also get paid to use the new Wi-fi routers, earning 8 cents through a smartphone app for each device connected to the router.
Qingdao joins a list of Chinese cities, which includes Chifeng in northern China’s Inner Mongolia province, with a router replacement plan, according to Abacus. The replacement plan will help the government monitor internet activities.
The Qingdao police said in a statement that the switch to government-approved routers was based on Chinese laws and regulations on cybersecurity and counterterrorism, which require all premises offering internet services to install a security management system.
According to the Provisions on the Technical Measures for the Protection of the Security of the Internet effective from 2006, all premises with Wi-fi services should install the security management system to record and store data about registrations, logins and page visits as well as other activities by internet users.
The replacement routers will be supplied by BHU, a Beijing-based router maker with a “long-term close collaboration” with China’s Public Security Department, as reported by Abacus.
The BHU routers have “multiple critical vulnerabilities” that could allow attackers to access sensitive information, according to analysis by IOActive, a US information technology service company.