China struggles to win cyber trust

China struggles to win cyber trust
© Getty Images

The tech community is losing faith in major Chinese digital security products.

Qihoo 360, China’s largest security firm, was caught cheating this week on product tests, making its offerings seem more secure than they are.

Antivirus testers have stripped the company of all its 2015 certifications as a result.


It’s the latest in a string of incidents that have shaken confidence in Chinese security offerings. In April, Mozilla and Google also stopped accepting digital security certificates issued by the Chinese government. Internet browsers using Firefox and Chrome are now warned they are potentially exposed to hackers when visiting websites with a “.cn” country code.

Qihoo’s security software has a wide footprint across the globe.

According to the company’s earnings reports, over 500 million people use Qihoo’s Internet security software. That’s about a sixth of the world’s 3 billion Internet users.

About 750 million people also use Qihoo’s smartphone antivirus offerings, nearly half of the 1.75 billion global smartphone users.

When the company misrepresents the security of its products, it weakens the global Internet, argued Andreas Clementi, CEO of AV-Comparatives, one of the labs that revoked Qihoo’s certificates.

“Misuse of such tests for marketing purposes will, in the long run, result in more successful malware attacks, making Internet users less secure,” Clementi said in a statement.

Chinese officials were also recently caught possibly misrepresenting the security of domestic websites.

In April, Google uncovered evidence the China Internet Network Information Center (CNNIC), which registers China’s domain names, was allowing an unqualified third-party company to issue unauthorized security certificates for Chinese websites.

These digital certificates are vital sign posts to incoming Internet traffic that a website is safe from hackers.

The discovery caused both Google and Mozilla to pull recognition of all CNNIC-issued certificates, a move likely to hinder foreign traffic flow to Chinese sites.

While this week’s discovery relates to a private firm, not the Chinese government, both events highlight tensions between China’s tech sector and much of the rest of the world.

The U.S. government has repeatedly expressed fears that China’s private sector security products are being co-opted by government officials for surveillance purposes.

Now, foreign firms are threatening to pull out of China rather than use the country’s government-supplied encryption methods.

Major tech companies operating in the country, like Apple and Microsoft, have also suffered repeated hacks that experts trace back to Beijing.