October 30, 2014 by ...
A Taiwanese hacker claims to have lifted Xiaomi user data and passwords from Xiaomi servers. Apparently the hacker, named Chen Huang, had exposed a zero day exploit ‘proving” that Xiaomi user data had been hacked. Mr Huang was going to present that data at a convention in India.
From what it looks like Mr Huang had probably alerted Xiaomi to the problem and given them to time to react. They did not do so and he wanted to expose this fact. In addition, at the convention Mr Chen was also going to release server logs showing how Xiaomi was cribbing and sending data back to Beijing. Perhaps he played an instrumental role in providing information to the Taiwanese government which spurred on a call for banning Xiaomi phones.
Interestingly enough, but not surprisingly, Xiaomi has issued a rejoinder saying ‘Don’t worry, be happy.’ According to one source, Xiaomi said that the breach is old news and everything has been taken care of. They called it a minor problem which has been fixed. In another they called it a hoax and are threatening legal action.
Sounds vaguely similar to what Xiaomi said about about them sending data to China. Initially they denied it. Then they minimized what had happened. Subsequent to that they issued a patch which did not work and as of this writing, the Redmi was still surreptitiously sending off data.
Time will tell about who is right. As it stands currently, ‘Privacy-Alert: Exposing China-based XIAOMI Mobiles’, will be a part of the convention just as soon as Xiaomi replies. If the paper is presented as proposed, it could be explosive.