Cheap Chinese security devices including doorbells threaten national security in Australia
International hackers are using cheap, Chinese-made home security devices – including doorbells – to spy on Australians at home and work. See how they do it.
International hackers are using cheap, Chinese-made home security devices – including doorbells – to spy on Australians, potentially compromising Wi-Fi networks, corporate laptops and company databases.
The Australian government is under pressure to ban these devices, which retail for about $70 to $700 at online technology stores, due to ongoing threats to households and national security. So far, they’ve only been banned from government buildings.
In one case last year, an attacker hacked into a family’s intercom and compromised their Wi-Fi network. They were then able to monitor all activity at the house and, unbeknown to the owners, locked them out of their own systems.
The situation was only uncovered because a member of the household tried to log in to the corporate laptop with the home Wi-Fi connection. An alert was triggered with the owner’s employer, before leading security provider CyberCX found the source of the problem.
Alastair MacGibbon, the chief strategy officer at CyberCX, told this masthead his team was able to narrow the attack down to a smart doorbell with a camera, made by Chinese electronics company Dahua.
“The offender found a vulnerability in this doorbell and when it gets connected to a network it’s like Covid, it spreads from one device to another at once,” he said.
“They installed a botnet, which is a zombie army in electronic devices that compromise systems, so they had locked the owner out of the system and had access to a video feed of this doorbell and they had connectivity to this person’s laptop.”
While that particular model of doorbell was discontinued, Mr MacGibbon explained the entry point for these attacks is increasingly cheap and poorly designed devices – and it’s not only doorbells.
Any smart device – which is anything with internet connectivity – is potentially vulnerable, including routers and Wi-Fi extenders, mobile phones, electric vehicles, and home security products.
“China is the world’s factory, it manufactures goods and they’re cheap and fit for purpose, but we’ve taken a tame approach to these technologies,” he said.
“A device where the software has to be updated by Chinese manufacturers is inherently dangerous because the Chinese national security laws give authority to Chinese intelligence agencies to direct actions – these devices are controlled by China.”
He said the Chinese companies weren’t necessarily directly responsible for the hacks; it was likely individuals who were aware of the device weaknesses.
Home security issues could escalate into national security issues if China used these devices to further its own interests.
The Australian government appears to understand the threat because it removed 913 products by Dahua and Hikvision from government buildings across the country in 2023, admitting espionage fears.
However, nothing was done to address ongoing security issues in millions of homes, shopping centres and non-government buildings.
“If they’re not fit for purpose for the government, why don’t we have these same obligations at home? There are more devices now than ever, this is a giant problem,” Mr MacGibbon said.
The US has trade restrictions on cameras made by Hikvision, Dahua and other Chinese companies.
A spokesperson for Tony Burke’s Department of Home Affairs said the Cyber Security Act 2024 mandates security standards for smart devices and relevant connectable products. “Manufacturers and suppliers are responsible for compliance with the relevant standard prescribed for those smart devices and must be able to provide a statement of compliance to supply the product in Australia,” they said.
Dahua Technology said the safety of its customers was the highest priority.
“We take any claims of product vulnerabilities seriously,” a spokesperson said.
“While we are unable to verify the specific claims outlined without further details, we understand the installed product reached its end of life back in 2019 and has since been replaced by newer models with enhanced protections and security features.”