Be Careful…Xiaomi Phones Secretly Sending Personal Data To The Chinese Govt

12

[Please see Xiaomi’s clarification update at the end of the post. ]

Personal data, it’s all about personal data. Everyone wants to know everything about you. Facebook knows more about people’s choices, preferences and beliefs than a government about its people.

The NSA never gets tired of snooping on everyone’s text messages and photographs. So, this new report shouldn’t come as a big surprise to most of you all. However, it does serve as a warning. Is any of your personal data safe anywhere?

There’s a saying – “Once something goes to the web, it can never be erased completely.” It’s true, and this doesn’t just apply to classified government leaks of personal photographs of celebrities and iconic personalities. Every human on this planet with a Smartphone or electronic gadget that connects to the Internet is a target.

Recently, a Redmi Note (the sub $150 Phablet from Xiaomi, scheduled to sell in India soon) user from Hong Kong identified unusual data traffic from his Smartphone when connected to any WiFi network. Upon closer inspection, the owner of the device found out that his phone was sending personal info – text messages and photos – to an unknown IP address that is located in China.

xiaomi-Redmi-note-leak

IP Address Details

[Source]

Since then, people have tracked down that IP address, and as it turns out, it belongs to the Chinese government. More specifically, the IP address belongs to CNNIC, which is the administrative agency that is responsible for Internet affairs in China.

CNNIC works under the Ministry of Information Industry, but can we be sure anymore that it is nothing but a mask for a Chinese government spying department?

The owner of the Xiaomi Redmi Note tried rooting his phone, flashing a different firmware, but nothing seemed to stop the continuous flow of personal data to the Chinese server.

What is more startling is that the user hadn’t even signed up for Xiaomi’s Mi Cloud service, which is a cloud storage service for storing personal data online. We are pretty sure that many of you won’t be using that service until an official clarification is provided by Xiaomi and the Chinese government. While the former could happen, the latter is highly unlikely.

It has also been confirmed that the privacy breach affects the Xiaomi Redmi 1S as well, which is another budget handset from Xiaomi. Together, that’s millions of Smartphones in China that are presently being spied on.

Until now, the Xiaomi Mi3 hasn’t been added to the list. Launched only last week in India, people are going to turn against Xiaomi in a very aggressive manner if the Mi3 is indeed affected.

It’s sad, really, and I think that once more people start finding out about this incident, they are definitely going to avoid Chinese Smartphones for a while.

There’s a temporary fix for the issue, which can be found here. You will need a rooted Xiaomi handset and Terminal Emulator installed to block your phone from sending any further information to the Chinese.

For now, there’s not much that you can do. The Redmi Note and Redmi 1S aren’t available in India yet, but I urge you to use your Mi3 cautiously.

For now, do not click compromising photographs or send texts with sensitive information using that device until it is confirmed that it isn’t affected by this shameful privacy breach.

Update: Xiaomi’s Hugo Barra has published a official clarrification on this matter. According to them, they are NOT secretly sending any data to Chinese Government. Please check out the update here]

12 Comments
  1. makeinindia says

    All chinese companies are fronts of Chinese government. they are good at stealing and copying and then sell at incredibly low price to gain market. stop buying chinese products, go for Make in India products only

  2. […] was clear that Xiaomi wants to dominate global smartphone market. It is my personal view that when F-Secure report showed data compromise on Redmi Phone, the user data was definitely being stored on their servers […]

  3. […] It seems that security woes of Xiaomi mobiles is far from over. […]

  4. […] has led to a continuing demand of the phone. There was a slight scare of the company in regards to unauthorized access to personal data but the company cleared that one immediately and as of now, Xiaomi has nothing stopping […]

  5. Raghav says

    More info from a security lab – http://www.f-secure.com/weblog/archives/00002731.html

  6. […] Be Careful…Xiaomi Phones Secretly Sending Personal Data To The Chinese Govt […]

  7. Phincy says

    Just refer this page and will understand the truth behind this. Xiaomi is not stealing any of your personal data.

    https://plus.google.com/+HugoBarra/posts/9GL9h2fT8H6

    1. Arun Prabhudesai says

      We have already released an update on this. You can check it out here. https://trak.in/tags/business/2014/07/31/xiaomi-mi-clarification/

  8. rajkumar says

    Thank you, for this information, I was about to buy this phone ? India should stop import of this phone

  9. krishnan says

    our india gov should ban such a phone

  10. Satish Kandukuri says

    I think any company which has global ambitions wouldn’t do this …I will wait for official statement of Xiaomi …won’t jump the guns for now !!!

  11. Raghav says

    I think US government already banned usage of Huawei and ZTE for similar reasons.
    But isn’t the MIUI Android Source available in the open? That can be verified right?

Leave A Reply

Your email address will not be published.

who's online