The Lithuanian National Cyber Security Center claims to have found evidence of a feature in Xiaomi phones that would recognize and obscure terms such as “Free Tibet” and “Long live Taiwanese independence.” This system is said to have been disabled in Europe.
The Lithuanian National Cyber Security Center (NKSC) says it examined the Xiaomi Mi 10T 5G and found three security risks in it. One of these concerns the ability to monitor content. Some apps, including Mi Browser, regularly download a list of banned terms. If the user wants to “send content with this blocked word, the device will block this content”.
Presumably, the NKSC means that if users search for terms like “Tibetan liberation”, the browser will block them. The list is said to contain 449 terms at present, such as “Democratic Movement” and “Voice of America.” This content filtering feature is disabled on Xiaomi phones sold in Lithuania. At the same time, Xiaomi is said to have the technical ability to enable this function remotely without the user's knowledge. The list currently consists of Chinese terms, although according to the NKSC it could also contain terms in Latin script.
The other two vulnerabilities may pose a risk of personal data leakage. For example, Mi Browser is said to use not only Google Analytics but also the Chinese Sensor Data. Sensor Data is said to send data about the user’s actions on the phone in 61 parameters.
According to the NKSC, this amounts to redundant information being sent over encrypted channels to Xiaomi servers in countries where the GDPR does not apply. The second privacy risk relates to a text message sent from the smartphone when the user wants to use the Xiaomi Cloud service. Researchers from the NKSC were unable to read this message, which, according to the NKSC, poses a privacy risk because it is not clear what data the smartphone is sending.
The NKSC also checked the Huawei P40 5G and says that this smartphone's app store sends users to third-party app stores that contain malware masquerading as antivirus apps. Finally, the center also examined the OnePlus 8T 5G, but said that it did not find any security risks.
The center says it chose these three phones because they are 5G smartphones that have been on sale in Lithuania since last year and because they are rated as high-risk phones within the international cybersecurity community. Based on the NKSC report, the Lithuanian Minister of Defense advises consumers to get rid of Chinese smartphones and to stop buying them, Reuters, among others, reports. Xiaomi has not yet responded to the report, according to the news agency. Huawei reportedly said that its smartphones do not send user data to external servers.