• Welcome to Tamil Brahmins forums.

    You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our Free Brahmin Community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

    If you have any problems with the registration process or your account login, please contact contact us.

Security Firm Shows Chinese made Xiaomi Smartphones Do Secretly Steal Your Data

Status
Not open for further replies.
[h=1]Security Firm Shows Xiaomi Smartphones Do Secretly Steal Your Data[/h]

Finnish security firm F-Secure has shown that a smartphone from Chinese manufacturer Xiaomi does secretly steal user data without their permission despite strong denials by the company last month.
At the end of July a number of articles claimed that phones made by up-and-coming Chinese manufacturer Xiaomi - often called the 'Apple of the East' - were silently uploading user information to servers based in Beijing.


The company came out strongly to deny these rumours with the company's head of global expansion - and former Google executive - Hugo Barra writing an extensive question and answer post on Google+ to clarify the situation.


Barra said the company's forked version of Android - called MIUI - does not secretly upload photos or text messages but that it does upload this information through its Mi Cloud service (similar to Apple's iCloud) but only with the express permission of the user.


Silent



However today Finnish security firm F-Secure has published a blog detailing how a brand new RedMi 1S smartphone silently uploaded a users' phone number, the network being used, the phone's IMEI number (used to identify a specific phone), as well as the phone numbers of contacts added to the address book and phone numbers of SMS messages received.


The security company said that it took a brand new smartphone from the box with no prior set-up or cloud connect allowed. It then followed the following steps:

  • Inserted SIM card
  • Connected to WiFi
  • Allowed the GPS location service
  • Added a new contact into the phonebook
  • Send and received an SMS and MMS message
  • Made and received a phone call
"We saw that on startup, the phone sent the telco name to the server api.account.xiaomi.com. It also sent IMEI and phone number to the same server," F-Secure said.


xiaomi-uploading-user-data-secretly.png
F-Secure




The company then repeated the above steps but this time connecting to the Mi Cloud service. This time around the IMSI details (used to identify the user of a cellular network) were sent to api.account.xiaomi.com, as well as the IMEI and phone number.


In his Google+ post on the controversy, Barra claimed:


"Xiaomi is serious about user privacy and takes all possible steps to ensure our Internet services adhere to our privacy policy. We do not upload any personal information and data without the permission of users."


This experiment from F-Secure would suggest otherwise.


However F-Secure's security researcher Sean Sullivan cautioned that what Xiaomi is doing could be replicated by other smartphone manufacturers:


"It's important to note that all 'smart' phones are more or less nothing more than a tracking device in your pocket. Our research is ongoing to determine how much metadata vs data is being collected, and whether or not it differs significantly from other vendors in the industry."


IBTimes UK contacted Xiaomi and Barra to try and get a response to these fresh allegations but at the time of publication had received no response.

Security Firm Shows Xiaomi Smartphones Do Secretly Steal Your Data
 
Perhaps it is done without user's approval or knowledge. In fact, all applications ask for location, phone book etc. data to be accessed for enabling the app.
 
Status
Not open for further replies.

Latest ads

Back
Top