[TheRecord] Lithuanian government warns about secret censorship features in Xiaomi phones

The Lithuanian Defense Ministry published a security audit on Wednesday for three popular 5G smartphone models manufactured in China, recommending that citizens avoid or stop using at least two of the three devices, citing privacy infringements and secret censorship capabilities.

The 5G smartphone models selected for the audit included:

OnePlus 8T 5G
Huawei P40 5G
Xiaomi Mi 10T 5G

Margiris Abukevičius, Deputy Minister of National Defense, said the phones were selected because they had been previously identified “by the international community as posing certain cyber security risks.”

While the government audit, which is available for download from the ministry’s website [PDF], did not find any issues with the OnePlus 8T 5G, several problems were identified with the other two models.

Xiaomi: Censorship module, surreptitious data collection

The most issues were found in the Xiaomi Mi 10T, where officials said they uncovered a secret censorship module that could detect and censor 449 keywords or groups of keywords in both Chinese and Latin characters related to sensitive topics inside China, such as “Free Tibet,” “Voice of America,” “Democratic Movement,” “Longing Taiwan Independence,” and others.

Officials said this module was disabled inside Lithuania and the EU region, but they also found a function that could have allowed Xiaomi to silently enable the censorship module at any given time without the user’s knowledge.

In addition, officials said they found a second issue impacting Xiaomi phones, which sent an encrypted SMS message to Xiaomi servers whenever the owner chose to use the Xiaomi Cloud service.

“Investigators were unable to read the contents of this encrypted message, so we can’t tell you what information the device sent,” Dr. Tautvydas Bakšys, one of the report’s authors, said on Wednesday.

After the SMS was sent, the message was also hidden from the device owner, another action which Lithuanian authorities saw as a sign of alarm.

Furthermore, officials said they found that the Xiaomi phone collected up to 61 data points about the device and its owner via the Mi Browser app, information it sent to a Google Analytics account and to Chinese servers.

Xiaomi did not return a request for comment sent by The Record seeking answers to the Lithuanian government’s report.

The same audit also found an issue with the Huawei P40 5G model, which officials said would often redirect users seeking various apps to malicious alternatives.

The post Lithuanian government warns about secret censorship features in Xiaomi phones appeared first on The Record by Recorded Future.
