Be Careful…Xiaomi Phones Secretly Sending Personal Data To The Chinese Govt

[Please see Xiaomi’s clarification update at the end of the post. ]

Personal data, it’s all about personal data. Everyone wants to know everything about you. Facebook knows more about people’s choices, preferences and beliefs than a government about its people.

The NSA never gets tired of snooping on everyone’s text messages and photographs. So, this new report shouldn’t come as a big surprise to most of you all. However, it does serve as a warning. Is any of your personal data safe anywhere?

There’s a saying – “Once something goes to the web, it can never be erased completely.” It’s true, and this doesn’t just apply to classified government leaks of personal photographs of celebrities and iconic personalities. Every human on this planet with a Smartphone or electronic gadget that connects to the Internet is a target.

Recently, a Redmi Note (the sub $150 Phablet from Xiaomi, scheduled to sell in India soon) user from Hong Kong identified unusual data traffic from his Smartphone when connected to any WiFi network. Upon closer inspection, the owner of the device found out that his phone was sending personal info – text messages and photos – to an unknown IP address that is located in China.

[Source]

Since then, people have tracked down that IP address, and as it turns out, it belongs to the Chinese government. More specifically, the IP address belongs to CNNIC, which is the administrative agency that is responsible for Internet affairs in China.

CNNIC works under the Ministry of Information Industry, but can we be sure anymore that it is nothing but a mask for a Chinese government spying department?

The owner of the Xiaomi Redmi Note tried rooting his phone, flashing a different firmware, but nothing seemed to stop the continuous flow of personal data to the Chinese server.

What is more startling is that the user hadn’t even signed up for Xiaomi’s Mi Cloud service, which is a cloud storage service for storing personal data online. We are pretty sure that many of you won’t be using that service until an official clarification is provided by Xiaomi and the Chinese government. While the former could happen, the latter is highly unlikely.

It has also been confirmed that the privacy breach affects the Xiaomi Redmi 1S as well, which is another budget handset from Xiaomi. Together, that’s millions of Smartphones in China that are presently being spied on.

Until now, the Xiaomi Mi3 hasn’t been added to the list. Launched only last week in India, people are going to turn against Xiaomi in a very aggressive manner if the Mi3 is indeed affected.

It’s sad, really, and I think that once more people start finding out about this incident, they are definitely going to avoid Chinese Smartphones for a while.

There’s a temporary fix for the issue, which can be found here. You will need a rooted Xiaomi handset and Terminal Emulator installed to block your phone from sending any further information to the Chinese.

For now, there’s not much that you can do. The Redmi Note and Redmi 1S aren’t available in India yet, but I urge you to use your Mi3 cautiously.

For now, do not click compromising photographs or send texts with sensitive information using that device until it is confirmed that it isn’t affected by this shameful privacy breach.

Update: Xiaomi’s Hugo Barra has published a official clarrification on this matter. According to them, they are NOT secretly sending any data to Chinese Government. Please check out the update here]