Security Audit Highlights Huawei and Xiaomi | Software Modules Included to Leak Data to Chinese Authorities – Tech Times

Security Audit Highlights Huawei and Xiaomi | Software Modules Included to Leak Data to Chinese Authorities and Potentially 'Malicious' App Repacking

A security audit that included Huawei’s P40 5G, OnePlus’ 8T 5G, and the Xiaomi Mi 10T 5G revealed certain oddities with the smartphone brands. Only OnePlus passed without having raised any red flags.

NCSC Security Assessment on Three Chinese-made Smartphones

A recent security assessment was made by the Lithuanian National Cyber Security Center or NCSC and included security data on the three most recent Chinese-made smartphones. It was found that the Xiaomi phone actually included software modules that were designed to leak certain data to Chinese authorities.

It was also reportedly designed to censor certain media related to topics considered sensitive by the Chinese government. Huawei reportedly replaced the standard Google Play app store with a third-party substitute, which was found to carry sketchy, potentially malicious repackaged versions of certain common apps, according to the NCSC.

OnePlus Passes while Xiaomi Raises Red Flags

The OnePlus 8T 5G was reportedly able to escape without having raised any red flags with the NCSC. The Xiaomi Mi 10T 5G comes with its own nonstandard browser known as the Mi Browser. It was found that the Mi Browser had two components that the NCSC didn't like: Google Analytics and a less familiar module known as Sensor Data.

According to the story by Ars Technica, the Google Analytics module inside the Mi Browser can reportedly read the device's search and browsing history and send the data to Xiaomi servers for unspecified analysis as well as use. The Google Analytics module is reportedly automatically updated after any factory reset or the phone's first activation.

NCSC on Singapore

The NCSC reportedly found that the Sensor Data module collects statistics on 61 different parameters that relate to application activity. This includes app activation, language used, and more. The statistics are encrypted and sent to the Xiaomi servers in Singapore.

Singapore is a country that the NCSC says is not covered by the EU's GDPR and that, according to an article by Android Authority, has also been tied directly to excessive data collection as well as abuse of user privacy.

Encrypted SMS Sent Upon Activation

The NCSC reportedly found that mobile phone numbers were even registered to servers in Singapore through encrypted SMS messages sent on activation, as part of a default Xiaomi cloud service. The encrypted SMS is also not visible to the user.

A number of Xiaomi system applications on the Xiaomi Mi 10T 5G regularly download a file known as MiAdBlackListConfig from Singapore servers. The NCSC found 449 records in the file identifying political, religious, and even social groups.

Certain software classes in the Xiaomi applications even use MiAdBlackListConfig to analyze multimedia that could be displayed on the device. They then block the content if "undesirable" keywords are associated with it.

This article is owned by Tech Times

Written by Urian B.

ⓒ 2021 All rights reserved. Do not reproduce without permission.

