Xiaomi Roots Backdoors in Its System?

2

November 16, 2014 by ...

The following is a post from this forum. The speaker is pointing out all of the ugly things that your Xiaomi may be doing without your knowledge. Xiaomi had gone into cover up mode and claimed they had solved this problem but wantchinatimes.com claims this is untrue.

Decide for yourselves:

Below the post I have pasted comments as well.

Posted originally by OP
Xiaomi Security issues. Xiaomi firmware has multiple backdoors So I’ve basically got myself in this sh*t because lack of care.. Until it pop’d and hit the highlights.

And now straight to the point. It doesn’t f*ckin matters if you had a fw or not. As the backdoors are embedded in ROOT system processes.
And those where obviously white-listed as i didn’t think of a nasty Chinese guy sitting in it calling back home. My friend who got the same phone found the article as i was having my vacation for a bit, so when i found out i did a bit a research of course on my device. After finding all this i e-mail’d him it and he posted it on the Xiaomi European forums. Guess what happened, it got deleted. So they know damn good what they’re doing.

Quote:
When you purchase Xiaomi products or services, we’ll collect relevant personal information, including but not limited: delivery information, bank account, credit card information, bill address, credit check and other financial information, contact or communication records.
Quote:
Originally Posted by OP

Music app(?) connects to:
202.173.255.152
2012-12-01 lrc.aspxp.net
2012-12-01 lrc.feiyes.net
2012-12-01 w.w.w.616hk.com
2012-12-01 w.w.w.hk238.com
2012-12-01 w.w.w.lrc123.com

123.125.114.145
2013-11-27 tinglog.baidu.com
1/53 2014-07-02 12:51:01 hxxp://tinglog.baidu.com

Latest detected files that communicate with this IP address
Latest files submitted to VirusTotal that are detected by one or more antivirus solutions and communicate with the IP address provided when executed in a sandboxed environment.

3/43 2014-07-08 07:39:24 facb146de47229b56bdc4481ce22fb5ec9e702dfbd7e70e82e 4e4316ac1e7cbd
47/51 2014-04-28 09:25:27 091457f59fc87f5ca230c6d955407303fb5f5ba364508401a7 564fb32d9a24fa
24/47 2014-01-08 08:19:43 3cf0a98570e522af692cb5f19b43085c706aa7d2f63d05469b 6ac8db5c20cdcd
21/48 2013-12-02 15:15:45 7e34cb88fc82b69322f7935157922cdb17cb6c69d868a88946 8e297257ee9072
19/48 2013-12-01 20:02:32 bce4bd44d3373b2670a7d68e058c7ce0fa510912275d452d36 3777f640aa4c70

Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset.
1/53 2014-07-02 12:47:57 hxxp://dev.baidu.com/

Android-system ANT HAL Service(Framework_ext.apk/jar) connect to:
42.62.48.207
VirusTotal’s passive DNS only stores address records. The following domains resolved to the given IP address.
2014-04-28 app.migc.wali.com
2014-07-12 app.migc.xiaomi.com
2014-05-30 gamevip.wali.com
2014-05-30 log.wlimg.cn
2014-04-21 mitunes.game.xiaomi.com
2014-04-30 oss.wali.com
2014-05-17 p.tongji.wali.com
2014-07-13 policy.app.xiaomi.com

Latest detected URLs
Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset.
1/58 2014-08-13 07:10:49 hxxp://policy.app.xiaomi.com/cms/interface/v1/checkpackages.php
1/58 2014-08-10 00:46:35 hxxp://policy.app.xiaomi.com/
1/53 2014-07-02 12:49:59 hxxtp://oss.wali.com

Messages(Mms.apk) connect to (it literary calls back home)
54.179.146.166
2014-08-12 api.account.xiaomi.com
2014-07-26 w.w.w.asani.com.pk

What it does? It sends phone numbers you call to, send messages to, add etc to a Resin/4.0.13 java application running on a nginx webserver to collect data. Checkpackages, embedded system process/app posts all installed apps to a Tengine a/k/a nginx webserver cms.

URL: hxxtp://api.account.xiaomi.com:81/pass/v3
Server: sgpaws-ac-web01.mias
Software: Tengine/2.0.1 | Resin/4.0.13

URL: hxxp://policy.app.xiaomi.com:8080/cms/interface/v1/

Comments
Senior MemberThanks: 112

412 posts Joined: Nov 2010
Same issue, blocked me in MiUi forum!
Quote:
Originally Posted by zelendel
No it’s not. If we were and iOS forum. Then we would be calling them out as well.

I had noticed the same security issues and data leaks by Xiaomi device (note is not just MiUi but whole system) and showed them proofs, even wrote to Hugo but just after seeing my proofs they blocked me in their forum. I do use MI3 but miss the resources they have in forum. Anyway, I am just using the device without DATA or firewall app if need DATA. Hope they had played fairly with users.

Problem is deeper than this. The users instantly start screaming any one who says this mobile has security leaks (e.g me) ad asks for proofs, once I post the proofs they dont accept it and raise as whole but they get their own way to download resources from MiUi forum. I am alone but I wont surrender.

Quote:
Originally Posted by xiaohan
I don’t think the phone is released in Europe yet? So if you have problem with the software,flash with your own OS build or use another phone. The government tried to push everyone using true identity in case there is any cyber crime happens. Plus, did CIA,NSA or any government agency tell you when they search through your personal data? I doubt.

Sent from my HTC One using XDA Free mobile app

What? Brother I am from India. To clear my situation more My banker sends me a highly secured one time password through message each time I try to access their online services. Now this MI3 is leaking (have proofs) and redirecting SMS (with one access notification which is not clear enough) its a security breach and case of international cyber crime. But in India, politicians has nothing to do with such issues, officers have “more important” things to do and Banker said me to change my mobile. So such is the case when you are in not developed country. Here even if some gets killed then police comes after all has been settled down let alone a security breach. It just and just a very “minor” or not an issue at all.

Even more interesting are comments from here

[–]dppowMako | Tilapia | Redmi Note 12 points 3 months ago
I ran the Network Log on my Redmi Note and one of the destinations for “Android System” is http://42.62.48.207/ which appears to be http://tengine.taobao.org/
Should I be worried about this?
permalink

[–]ShidellMoto G 2014 (Cricket) 11 points 3 months ago
Yes, of course you should.
Your phone is contacting other devices unsolicited with your personal information. What could go wrong?
permalinkparent

Advertisements

2 thoughts on “Xiaomi Roots Backdoors in Its System?

  1. Wary of Chinese tech gear says:

    This is not uncommon for Chinese companies. They take a different view of privacy. As a matter of fact, many of their cell phone manufacturers build in malware and use it to subsidize the cost of their phones.

    Here is a link http://www.site.co.uk/eBay-Bans-Listings-for-Star-N9500-Smartphones-Shipped-with-Malware

    Like

  2. […] concerns surrounding their kit. In fact, one would be hard pressed to find a firm which has caused more of a panic in such a short period of time. Although they have only been selling phones […]

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 85 other followers

Stat Counter

counter for wordpress

Member of The Internet Defense League

Blog Stats

  • 46,625 hits
November 2014
M T W T F S S
« Oct   Dec »
 12
3456789
10111213141516
17181920212223
24252627282930
%d bloggers like this: