Connected sockets and bulbs, smart thermostats, security cameras, connected thermostats, air conditioning or fans… Tuya is everywhere. World leader in Smart Home, the Chinese company sells its IoT platform to more than 5000 brands around the world. According to the company, these are more than 116.5 million connected objects who would use its technology in more than 220 countries. Figures that make you dizzy and worry American senators today.
Three of them have indeed asked Janet Yellen, Secretary of the Treasury, to sanction the heavyweight of the Internet of Things, calling the company threat to national security and accusing him of invading the privacy of Americans.
Listed on the New York Stock Exchange in March, Tuya Inc. is currently in turmoil, its listing showing a sharp decline on the stock market where the previous Huawei is not without concern ...
Tuya: a threat to Americans' cybersecurity?
In any case, this is what Republican Senators Marco Rubio, Rick Scott and Tom Cotton say, asking Washington to limit or prohibit Tuya business in the United States. In question? A recent Beijing law requiring Chinese companies to hand over all collected data upon government request.
According to their report, “[…] There is also a more basic reality that, as a company, Tuya is obligated to comply with orders from the CCP [Chinese Communist Party], including requests to share data from US and other users with the Chinese government. »
Republican Senator Marco Rubio also raises that "Cyber and national security experts have already raised significant concerns about Tuya's lack of protection of user data".
For his part, Tuya told the South China Morning Post that the senators' claims were " unfounded ", the company isolating all user data regionally, including in the United States. It is in any case a priori the case in Europe where the Tuya application servers Smart are partly hosted at Amazon Web Services in Germany and appear to be GDPR-friendly.
"Tuya has never received a request from the government of one country to share user data from another country", added the spokesperson of the company, specifying that the company intended to prove its good faith. Still, several reports from cybersecurity experts are not without raising questions ...
Experts point to big privacy concerns
In March 2021, Dark3 Inc. had indeed studied 10 smart home devices sold in the US market at prices ranging from 20 to 100 dollars. Vince Crisler, founder and CEO of the company, explained to VOA News that his teams had then discovered many security flaws in applications Smart Life and Tuya Smart.
"Every IoT device we looked at had a commercial connection to China, and every product was observed communicating with the infrastructure in China, without our permission." so said Crisler, before adding “There was a lot of risk of information leaks. Tuya owns the whole chain… and there is no idea how they are using this data. "
Senators call for sanctions
Marco Rubio and his colleagues, known for their vehemence towards China, demand that sanctions be taken against Tuya Inc. and wish that, like Huawei under the presidency of Donald Trump, the Chinese giant of the IoT be added to the list of companies in the Chinese military-industrial complex, as planned by theInternet of Things Cybersecurity Improvement Act.
Therefore, a decree signed by the former president in 2019 and comforted by current president Joe Biden last June, could prohibit the Americans from investing in Tuya Inc. A situation which would be more than problematic for the company which carried out a raising of 915 million dollars at the time of its IPO with the Chinese Tencent Holdings, but also the American venture capital firm New Enterprise Associates (NEA)…