Xiaomi, the largest Chinese smartphone maker, is under attack, again. Maybe you recall the reports of this summer, by F-Secure, claiming that Xiaomi phones secretly send back text messages, contacts, device IMEI and IMSI numbers back to Bejing. Although Hugo Barra of Xiaomi denied the claims, hardly anyone took that statement seriously. Further doubts arose as the US government banned the use of Chinese technology in many of its agencies, including NASA. This step was followed by a number of foreign governments, as well. The Indian Air Force asked employees not to use Chinese technology. Meanwhile, the Taiwanese government is actively investigating the company for posing a cybersecurity threat to the country, and is looking to ban the brand altogether.
This latest attack on Xiaomi comes from an independent Taiwanese security researcher, Chen Huang. He claims that the company’s servers, which store sensitive information about the company’s customers, can be easily hacked (which he’s done). Mr. Huang was actually supposed to present a talk on this topic at the Ground Zero Summit 2014, the largest information security conference in Asia.
The talk was was pulled of the schedule within a day, supposedly to allow Xiaomi to investigate the matter. The Hacker News, however, was contacted by the researcher and was provided with a list of a few thousand users’ data to prove legitimacy of the millions of records breached.
Everyone who uses Xiaomi smartphones should update their passwords as soon as possible to prevent theft of data.
Xiaomi claims it plans to relocate its servers outside of China (to India), to prevent government access to them.
Don’t miss yesterday’s post about the Chinese Baidu spyware built into the newest Sony Xperia device. Read here.
