Xiaomi Phones Secretly Sending Users Sensitive Data to Chinese Servers

Chinese telecoms equipment suppliers have previously been criticized by some countries due to suspected backdoors in its products, and if United States has banned its several major government departments, including NASA, Justice and Commerce Departments, from purchasing Chinese products and computer technology, then they are not wrong at all.

Find that his phone was sending personal info – text messages and photos – to an unknown IP address that is located in China.

In the latest claim against Chinese smartphone manufacturers is the allegation that the popular Chinese smartphone brand, Xiaomi has been suspected of “secretly” stealing users’ information— including SMS messages and photos —from the device without the user’s permissions and sending it back to a server in Beijing, despite of turning off the data backup functions, according to Apple Insider.

Security Researchers from F-Secure Antivirus firm has shown that the Xiaomi phones (RedMi 1S handset) send quite a lot of personal and sensitive data to “api.account.xiaomi.com”  server located in China, including following information:
  • IMEI Number of your phone
  • IMSI Number (through MI Cloud)
  • Your contacts and their details
  • Text Messages
China-based smartphone company Xiaomi recently marked a successful entry into the Indian market this month. Earlier this year, the company also announced its Redmi Note, which, just like Xiaomi’s other handsets, was an affordable with almost all features that an excellent smartphone provides. However, the handset might be doing more than what it has been advertised.
Kenny Li of Hong Kong forum, IMA Mobile, recently noticed something odd with its Redmi Note smartphone. He discovered that the device continued to make connections with IP addresses in Beijing, China. The device kept trying to make the connection, even after switching off the company’s iCloud-like MiCloud service.
Although it was pointed out that the transmissions occur only over Wi-Fi, though the device does stay in contact with the servers via small “handshakes” while using cellular data. Li then tried erasing the version of Android and installed a new version of Android, But the problem still persisted.
xiaomi phones security

Device does stay in contact with the servers via small “handshakes” while using cellular data

Previously China has accused companies like Google, Facebook, Microsoft, and Apple for spying on countries. So, what China is doing? The same.
Xiaomi, which is also known as Apple of China, has yet to respond to the allegations that the Redmi Note secretly sends user data to a China-based server.
If the allegations on the Xiaomi handset come true, it wouldn’t be the first time a Chinese smartphone was found spying on its users. It had happened before as well, China has been known for its Digital Spying and privacy invasion. Recently, a German security firm claimed that a popular Chinese Android Smartphone, the Star N9500, came pre-installed with a Trojan that could allow manufacturer to spy onto their users’ comprising their personal data and conversations without any restrictions and users knowledge.
Later in mid-June, the breach on the Star N9500 could allow an attacker to record phone calls automatically, read emails and text messages, and remotely control the phone’s microphone and camera, in order to turn users’ smartphone into a bugging device that allows hackers to hear anything you are saying near by the phone. It could also be used for theft, including granting access to the user’s online banking service.
IP Address Details

IP Address Details

Since then, people have tracked down that IP address, and as it turns out, it belongs to the Chinese government. More specifically, the IP address belongs to CNNIC, which is the administrative agency that is responsible for Internet affairs in China.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s