Skip to content
Censys Search Teams: Industry-leading internet intelligence for growing security teams and organizations | Learn More
Blogs

Potential Chinese Influence on African IT Infrastructure

Executive Summary

Between 10-21 February 2023, Censys discovered over 46,000 commercial devices associated with four U.S. blacklisted Chinese tech manufacturers in Kenya, Zambia, South Africa, and Mauritius. Huawei, ZTE, Hikvision, and Dahua were blacklisted by the U.S. government in November of 2022 and the importation or sale of their equipment was banned in the U.S. over national security concerns. Other major Chinese tech firms not blacklisted by the U.S. were also found present in these countries’ infrastructure. Among those, we only included Xiongmai Tech, a large Chinese peer to Hikvision. These devices include traffic cameras, residential and commercial security cameras, and high-speed networked devices. Censys found that many African telecommunication companies are incorporating these technologies in their networks and digital infrastructure, potentially showcasing a willingness to move towards more Chinese influence in African regional infrastructure. Further supporting this is Censys’ observation of Chinese network architecture throughout Africa, notably in regional internet node Mauritius where 25% of hosts reside on Chinese network architecture.

Observations

Context:

In mid-February of 2023 Censys analysts investigated the potential trend of “smart city” or “safe city” development in Africa, based on the May 2020 U.S.-China Economic and Security Review Commission’s (USCC) report on China’s Strategic Aims in Africa. As part of this investigation, the analysts conducted a number of queries searching for Chinese telecom and surveillance infrastructure in a number of African countries, with a focus on searches for cameras, control systems, and smart monitoring related equipment. While there was not enough evidence to suggest significant development of exploitative surveillance or digital repression capabilities, Censys did find a considerable amount of Chinese-produced devices present in African telecom infrastructure, and thus pivoted to identify any trends or noteworthy development.

Findings:

Within the investigation, Censys analysts focused on the countries of Kenya, South Africa, Mauritius, and Zambia looking specifically for devices discovered via Censys scans that host Chinese software developed by Chinese tech manufacturers Huawei, ZTE, Hikvision, Xiongmai Tech, and Dahua. Among these companies, Hikvision, ZTE, and Huawei were the largest respectively, with the forerunner, Hikvision, having approximately 24,000 of their devices publicly displaying in these countries. Among the countries, South Africa is the outstanding forerunner with approximately 39,000 products from these Chinese companies appearing on the internet. These high numbers from South Africa and Hikvision are almost certainly due to the major partnerships that Hikvision has with the South African government for security camera networks in high traffic public areas as well as along major roads, such as the Sea Point Highway in Cape Town, South Africa.

In addition to finding a large number of Chinese-produced devices, Censys analysts also noted that 28.64% of these devices are actively running Real Time Streaming Protocol (RTSP) ports. “RTSP is an application layer protocol designed for telecommunications and entertainment systems to control the delivery of multimedia data. RTSP is a signaling protocol, it controls the data transmission session.” RTSP, while an older standard of port, is now most commonly associated with IP cameras, whether they are part of a wider security system or built into autonomous systems, such as drones [via flussonic.com].

Upon deeper analysis of the discovered hosts, nearly all devices were running under Autonomous System Numbers (ASNs) associated with African-owned providers such as Herotel, Vodacom, Safaricom, MauritiusTelecom and Zamtel. Among these providers, Zamtel is the only state-owned Telecom with the sole shareholder of the company being the government of the Republic of Zambia. Zambia is cited in the USCC report as being a direct beneficiary of China’s “Digital Silk Road” investments as well as being a partner in Huawei’s safe city project. With Zamtel, a state-owned enterprise, it would be a prime technology partner in any safe city project in Zambia with China.

Table of countries and correlating number of host devices:

Samples of hosts discovered by Censys presenting Chinese software in African capitals:

From a greater perspective, Censys also examined the ASN or network names of the hosts of Ghana, Kenya, Mauritius, South Africa, Nigeria, and Kenya to understand how prevalent Chinese network infrastructure is within these areas. The clear leader is Mauritius, with over 25% of its hosts residing on Chinese-based networks. Mauritius has positioned itself as a strategic economic hub between Asia and Africa in addition to hosting the headquarters for the African Network Information Centre (AFRINIC) and serving as a node for multiple submarine internet cables that help connect Africa to the rest of the world. Huawei equipment can be found throughout, according to multiple sources. In addition to economic interests, one can assume China leveraged the well-established tech/surveillance firm Huawei to implement network architectures in Mauritius for many reasons that could include control and surveillance of information traversing these critical network nodes.

[via ThePrint]

Assessment

Although Chinese devices in these four countries represent only about 3.63% of the total number of devices found (as the time of this report), the same Chinese firms already operating in these countries would almost certainly be the same firms that would be used by the host countries to build out significant digital surveillance and facial recognition capabilities under the guise of implementing safe city projects. Censys analysts agree with the USCC report that these African governments are taking advantage of Chinese technology for deep discounts and mostly benign purposes to lay the groundwork for digital infrastructure. However, these same networks could potentially be modernized to support and expand digital surveillance networks beyond enhancing local security and police forces and could become the backbone for these governments to mirror China’s own surveillance state. This concern is amplified by observing over 25% of hosts within network hub Mauritius, residing on Chinese-based networks.

With China continuing to promote their safe city concepts that involve video cameras, facial recognition, real time tracking, and other technology to African nations, the growing involvement of these Chinese firms would almost certainly represent a desire to export Chinese internal surveillance capabilities.

Next steps

Going forward, Censys assesses that it will be important to maintain situational awareness of the number of Chinese produced devices present on the African continent, and continue to observe and monitor any publicly announced digital surveillance partnerships between the Chinese state and African countries. Through the continued awareness of this space, the public can better defend their digital privacy and ensure that governmental entities are held responsible for maintaining safety, security, and good conduct in these initiatives.

For inquiries, email federal@censys.io. For this report and more, visit censys.io/federal.

About the Author

Samuel Hoffman
Internal Intelligence Analyst
Sam Hoffman is an Internal Intelligence Analyst at Censys. Sam was previously a Cryptologist and Arabic Linguist for the United States Navy, with experience working in military intelligence as well as with a number of federal agencies. Sam currently attends Johns Hopkins University as part of their Masters in Intelligence Analysis program.
Attack Surface Management Solutions
Learn more