October 19, 2014 by ...
Xiaomi is an interesting company with an increasingly checkered reputation. A designer from its idol Apple, called Xiaomi’s ‘borrowing’ their design ‘theft’ and ‘lazy’. This hurt Lei Jun’s feelings as he previously commented that as soon as Steve Jobs died, he would carry the ‘Apple’ torch at Xiaomi. As macabre as that is, it’s true. Lei Jun was asked about Xiaomi’s long term prognosis a few years ago and he said, ‘Steve Jobs has to die some day.”
Setting aside Lei’s questionable sensibilities, we see that his company is proving to be a security nightmare. The latest issue involves the Indian Air Force, but more on that later. I will summarize the facts of Xiaomi’s data breaches for you and you can follow the links below for more details.
Xiaomi recent security issues
Xiaomi phones were found to be covertly sending user data to Beijing and the Chinese mainland. Users were not told and outrage ensued. Xiaomi promised a patch, which was unsuccessful and Xiaomi phones still swiped data. Despite Lei Jun and friends telling us not to worry, we did just that. For example:
-Hong Kong reported the first incidence of spying and data theft
-V Secure corroborated this
-Xiaomi’s anti-virus acted like a virus
-Xiaomi phones can swipe credit card information
-Vietnam then cautioned against Xiaomi phones due to data theft
-Xiaomi hacked WhatsApp and then offered the hacked version to its user base
–Taiwan found two of four Xiaomi models actively engaged in data theft and will decide within three months whether they will ban the handhelds due to espionage fears
-China’s communist party backed CCTV asked Xiaomi if they were stealing data from mainland customers as they did to those in Taiwan
-Singapore was considering legal action against Xiaomi for breaching Singapore security laws
-Xiaomi selling user data in Singapore to telemarketers?
Indian Air Force bans Xiaomi
But all of that news is at least a few weeks old. What we learn from this article is that India has jumped on the security threat bandwagon, or at least the Indian Air Force has. As stated in the article below, the Indian Air force has cautioned all members and their families against using Xiaomi gear. Their rationale is that it cannot be trusted, especially with sensitive data.
Excerpt- ‘NEW DELHI: China-based leading smartphone manufacturer Xiaomi, which recently marked a successful entry into the Indian market, is allegedly a security threat. It has been accused by the Indian Air Force (IAF) of sending user data to remote servers located in China — a charge that amounts to spying.
In an alert issued to air warriors and their family members, the IAF has claimed that smartphones and note books manufactured by Xiaomi have been found to send users’ private data to servers based in Beijing. The IAF alert, accessed by Express, has come with ‘medium’ severity rating which is considered serious according to an IAF official.’
Xiaomi sending data to a security arm of the communist party
The article, which I suggest everyone read, also makes the following claim, ‘“According to the PhoneArena report, looking up the website of the company owning the IP address in the range 220.127.116.11-18.104.22.168 reveals that the website owner is http://www.cnnic.cn. CNNIC is the administrative agency responsible for Internet affairs under the Ministry of Information Industry of People’s Republic of China. It is based in the Zhongguancun hi-tech district of Beijing.”
This means that your Xiaomi phone may be sending your data to those crazy cyber nannies in Beijing. But even more enticing is what the Indian Computer Emergency Response Team (CERT-In) has to say…..
Rather than spoil it for you, why don’t your just click here and read for yourself.
Have a great day and try to not think about what that smart phone in your pocket is up to.