The research shows that these machines can and do collect data on users outside mainland China and store them in China. The data is collected at the operation point from software embedded in the coffee maker.
Balding said in the report released this week, “China is collecting data on really just anything and everything.” Balding added, “As a manufacturing hub of the world, they can put this capability in all kinds of devices that go out all over the world.”
The research found that Kalerm, a Jiangsu-based firm in China, has made insecure coffee machines. As a result, these coffee makers could obtain product information, payment details, and other consumer information such as time, location, and other data.
In addition, the machines could even track routing information and payment types within a commercial setting such as a hotel.
Such made-in-China smart coffee machines are sold widely in the United States and Europe.
How Balding obtained the information remains unknown. He shared that he doesn’t want the Communist regime to prevent him from figuring out Beijing’s data-collection techniques aimed at outside mainland users.
Beijing has long used several means to collect users’ data outside mainland China.
Former President Donald Trump tried to ban Beijing’s popular social media platforms, TikTok and Wechat, over concerns about data transfer in 2020.
Previously, U.S. intelligence warned of the risks of Chinese companies acquiring U.S. residents’ data by investing in U.S. enterprises that handle sensitive healthcare information.
Casey Fleming, a cyber security expert and the CEO of strategic advisory firm BlackOps Partners, warned that TikTok users are likely feeding data to Beijing by way of ByteDance.
Fleming further cautioned, “The Communist Party of China is collecting vast amounts of data. It may not be used against you today. But this information might be used against you, your company, or your country in the future.”