Xiaomi Mobile: China’s Tool for Global Espionage

May 14, 2020
xiaomi mobile data privacy concerns compromised data privacy information security infosec

Xiaomi Mobile – A well-known Chinese smartphone manufacturer is under public scrutiny once again, due to allegations that it’s been spying on users all over the world in favor of the Chinese government.

The tech giant, is among the top five in terms of smartphone manufacturing, globally. It is the #1 smartphone of choice and the largest provider of mobile phones in India. It has a cult following, especially its flagship devices, the Mi series and the Redmi Note.

The particular series of devices, however, has been one of the sources of controversy surrounding the smartphone manufacturer. A group of cyber security experts were able to observe and discover loopholes on Xiaomi’s mobile phones, with evidence showing that it’s transmitting all acquired data to remote servers hosted by Alibaba.

Xiaomi’s flagship smartphones have several preloaded apps and its very own web browser – Mi Browser. These programs have been found recording the browsing histories of its users, regardless even if they were in “incognito” or private mode. Other online reports from several security researchers have shown the Xiaomi Red Note sending images and SMS data to several servers that were traced and located in Beijing.

The tech giant continues to deny the claims, saying that they are not spies for the Chinese government. While it’s tracking users’ browsing data, it says it does not share this with third parties or utilize it in any form. A couple of security researchers, however, spotted similar backdoors on the phone which shows that it’s obtaining user data without getting any kind of consent. Their discovery, as they have bluntly put it, “our mobile phones are basically watching our every move”. And by tracking its activity, all data goes straight to the remote servers hosted by Alibaba.

The security researchers mentioned that their personal information, and their private life are not so private anymore. They were being exposed through the backdoors that Xiaomi mobile has deliberately embedded in their mobile devices. In addition to monitoring browsing activities, Their Redmi Note 8 was observed to be recording the folders they have accessed and which browser screens they have swiped. The activity logs included the settings and other preloaded apps.

There were also several notable cases wherein Xiaomi mobile testers were surprised to have observed the phones to be automatically connecting to the same IP address in China and transferring the data back to its servers when in WiFi. It surprised them even more to see that even though they have rooted the device and flashed it with another firmware, the very same background process continued. It’s like the process has been hardcoded in the phone’s hardware systems.

Another even more interesting note is that all other behavioural data were traced and transported to Xiaomi’s remote servers located in Singapore and Russia. The web domains for the said remote servers were found to be registered in Beijing, where the Xiaomi headquarters is located.

This is not the first time that the tech giant was found with having backdoors and loopholes on their mobile devices. They have already faced many accusations and allegations before regarding security concerns for their products. Nevertheless, Xiaomi continues to deny all of the allegations. These issues never seemed to have affected their performance on the market and they continue to secure their place among the top smartphone manufacturers in the world.

At the moment, in spite of these controversies, Xiaomi has even lowered the prices for some of their smartphones in India, coinciding with the release of their Mi3 flagship phone, which was sold out twice in less than an hour.


About the author

Leave a Reply