October 30, 2014 by

Chinese Smartphone Maker Xiaomi Under Attack (Again)

Xiaomi, the largest Chinese smartphone maker, is under attack, again. Maybe you recall the reports of this summer, by F-Secure, claiming that Xiaomi phones secretly send back text messages, contacts, device IMEI and IMSI numbers back to Bejing. Although Hugo Barra of Xiaomi denied the claims, hardly anyone took that statement seriously. Further doubts arose as the US government banned the use of Chinese technology in many of its agencies, including NASA. This step was followed by a number of foreign governments, as well. The Indian Air Force asked employees not to use Chinese technology. Meanwhile, the Taiwanese government is actively investigating the company for posing a cybersecurity threat to the country, and is looking to ban the brand altogether.

This latest attack on Xiaomi comes from an independent Taiwanese security researcher, Chen Huang. He claims that the company’s servers, which store sensitive information about the company’s customers, can be easily hacked (which he’s done). Mr. Huang was actually supposed to present a talk on this topic at the Ground Zero Summit 2014, the largest information security conference in Asia.

The talk was was pulled of the schedule within a day, supposedly to allow Xiaomi to investigate the matter. The Hacker News, however, was contacted by the researcher and was provided with a list of a few thousand users’ data to prove legitimacy of the millions of records breached.

Everyone who uses Xiaomi smartphones should update their passwords as soon as possible to prevent theft of data.

Xiaomi claims it plans to relocate its servers outside of China (to India), to prevent government access to them.

Don’t miss yesterday’s post about the Chinese Baidu spyware built into the newest Sony Xperia device. Read here.


About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

India’s National ID Database of 1.2 Billion People Breached for $8

An Indian news publication has reported that the government’s biggest citizen database, a register...

Read more arrow_forward

US Navy Investigates Possible CyberAttack after Ship Collision

The United States Navy is investigating the cause of a collision of the USS John S McCain and a...

Read more arrow_forward

Ransomware Woes Sees India Force Microsoft for Cut-Price Upgrade Deal

Following last month’s unprecedented cyberattack led by the WannaCry ransomware, India has...

Read more arrow_forward