
Identifying Banned Chinese Devices in Your Environment

On Friday, July 18, 2025, U.S. Secretary of Defense Pete Hegseth ordered a two-week review of Pentagon cloud contracts after reports indicated that Chinese engineers had been hired to work on U.S. military cloud computing systems. He further stated that China should never be allowed to establish or maintain access to DoD systems. 

To effectively address this issue, we must look beyond just cloud services and traditional IT. We must also consider the substantial number of xIoT (extended Internet of Things) assets deployed across government and commercial networks. Many of these connected devices are unknown, potentially misidentified, and unmanaged, which poses significant risks, including national security concerns. The presence of Chinese-manufactured or OEM (original equipment manufacturer) surveillance and networking equipment in U.S. networks is not merely an oversight; it represents a direct threat to national security and compliance integrity.

At Phosphorus, our mission is to secure the modern extended Internet of Things (xIoT). We built our xIoT Security and Management Platform to identify and neutralize risks that most tools miss, including those associated with banned and obscured Chinese devices.

What the Law Says: NDAA Section 889 and Federal Bans

Section 889 of the National Defense Authorization Act (NDAA) prohibits the U.S. government from procuring or using telecommunications and surveillance equipment from certain Chinese manufacturers due to national security concerns. The law has two core provisions:

  • A procurement ban (effective August 13, 2019)
  • A use ban (effective August 13, 2020)

The banned list includes known offenders like Huawei, Dahua, Hikvision, ZTE, and Hytera.

The Danger: Devices Designed to Evade Detection

Here’s the problem: identifying prohibited devices is made harder by the fact that manufacturers often sell under multiple white-label brands that present themselves as Western firms. Phosphorus has identified several cases where xIoT devices are sold under Western brands yet are manufactured by Chinese companies on the banned devices list.

Enabling Chinese Persistence

Many of these devices run firmware developed in China that is susceptible to manipulation and vulnerabilities, and such firmware has been:

  • Found to contain backdoors, whether intentional or the result of negligent design.
  • Exploited by threat actors to gain remote access, bypass authentication, or exfiltrate data without detection.

For example:

  • Dahua devices have previously been found with backdoor code that allowed unauthenticated remote login via hardcoded credentials.
  • Hikvision cameras have been tied to vulnerabilities enabling remote command execution without proper authorization.
  • Huawei routers have been flagged by international watchdogs for firmware-level espionage risks.

These risks persist even when the hardware is rebranded, since the underlying firmware remains unchanged.

The Hidden Risk: Unauthorized Devices You Don’t Know You Have

Here’s the problem: most discovery tools rely on passive data like MAC address OUI lookups, which can be easily spoofed or stripped from devices. As a result, even banned equipment that has been white-labeled can remain hidden in plain sight.

At Phosphorus, we employ Intelligent Active Discovery to interact directly with devices, which yields high-fidelity, in-depth device discovery and classification. This lets organizations classify assets with deep resolution and identify risks at scale.

In addition to detailed device discovery, Phosphorus provides in-depth device risk assessment information. This includes critical insights such as the presence of default passwords, outdated or vulnerable firmware, expired or self-signed certificates, and whether a device is prohibited by the U.S. Government under NDAA Section 889 (specifically regarding Chinese-manufactured devices).

These capabilities empower organizations to identify and alert on OEM’d or disguised hardware even if it has been rebranded, renamed, or relabeled.
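The check below is an added illustration of the point made above, not Phosphorus code or its discovery method: a passive OUI lookup is compared with what an active probe of the device actually returned (HTTP Server header, TLS certificate subject and issuer), so a device whose MAC prefix says "Western brand" but whose firmware identifies a prohibited OEM is flagged as rebranded and routed to the quarantine-and-alert action described later in the post. All OUI prefixes, vendor names and banner strings are constructed placeholders; a real deployment would use the IEEE OUI registry and the organization's own prohibited-vendor list.

```python
from dataclasses import dataclass

# Constructed OUI table (placeholder prefixes, not real IEEE assignments).
OUI_TABLE = {"00:11:22": "WesternBrandCo", "AA:BB:CC": "BannedVendorA"}

# Placeholder prohibited-vendor list (real lists come from NDAA 889 guidance).
PROHIBITED = {"BannedVendorA"}

# Constructed fingerprint rules: substrings seen in active-probe responses
# (HTTP Server header, TLS certificate subject) mapped to the true OEM.
FINGERPRINTS = {"bannedvendora-httpd": "BannedVendorA",
                "cn=bannedvendora": "BannedVendorA"}


@dataclass
class Device:
    ip: str
    mac: str
    http_server: str = ""  # Server header returned by an active HTTP probe
    tls_subject: str = ""  # subject of the certificate the device presented
    tls_issuer: str = ""   # issuer of that certificate


def oui_vendor(mac: str) -> str:
    """Passive signal: vendor implied by the first three MAC octets."""
    return OUI_TABLE.get(mac.upper()[:8], "unknown")


def fingerprint_vendor(dev: Device) -> str:
    """Active signal: vendor implied by what the device itself said."""
    text = f"{dev.http_server} {dev.tls_subject}".lower()
    for needle, vendor in FINGERPRINTS.items():
        if needle in text:
            return vendor
    return "unknown"


def assess(dev: Device) -> dict:
    """Correlate both signals and map findings to a response action."""
    passive, active = oui_vendor(dev.mac), fingerprint_vendor(dev)
    oem = active if active != "unknown" else passive  # trust the probe first
    findings = []
    if oem in PROHIBITED:
        findings.append("prohibited-vendor")
    if active != "unknown" and passive not in ("unknown", active):
        findings.append("rebranded-oem")  # label and firmware disagree
    if dev.tls_subject and dev.tls_subject == dev.tls_issuer:
        findings.append("self-signed-cert")
    action = "quarantine-and-alert" if "prohibited-vendor" in findings else "monitor"
    return {"ip": dev.ip, "oem": oem, "findings": findings, "action": action}
```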

Response: Detect, Alert, and Remotely Disable

Once a prohibited device is found, Phosphorus provides an immediate, policy-aligned course of action:

  • Alert security teams of the banned device’s presence
  • Quarantine or restrict device access
  • Remotely disable the device to reduce exposure until appropriate compensating controls are in place or the device is physically removed

Alignment with U.S. Government Guidance

Phosphorus directly supports federal mitigation recommendations from agencies like NSA, CISA, and the White House’s National Cybersecurity Strategy. Our platform enables:

  • Removal of default credentials and insecure configurations
  • Disabling of unused network services
  • Automated firmware updates and patching
  • Full audit of administrative access
  • Identification and removal of prohibited Chinese-manufactured equipment

Final Thought: Take Decisive Action

By taking decisive action against unauthorized Chinese devices, organizations can bolster their security posture and contribute to safeguarding national security. In an era where every connected device plays a vital role, ensuring their integrity is not just a technological necessity but a national imperative.

Take action today. Request a demo at phosphorus.io

Author

Phosphorus Cybersecurity

Phosphorus Cybersecurity® is the leading xTended Security of Things™ platform designed to find, fix, and monitor the rapidly growing and often unmonitored Things of the enterprise xIoT landscape.