What's new

Xiaomi Phones Security Thread For Indian Air Force.

Umair Nawaz

Umair Nawaz

ELITE MEMBER
Joined
Sep 10, 2012
Messages
13,407
Reaction score
-20
Country
Pakistan
Location
Pakistan

  • Chinese smartphone manufacturer Xiaomi made its entry in the Indian smartphone market with its Mi 3 smartphone in July. The company made headlines after the Mi 3 handset sold like hot cakes on Flipkart. After just six weeks of massive sales in the country, Xiaomi discontinued the Mi 3 temporarily to give mileage to the much cheaper RedMi 1S smartphone, which arrived in September.

  • What is the data snooping concern regarding Xiaomi phones?

    Before the launch of Redmi 1S, software security company F-Secure published a report in August stating that the Xiaomi RedMi 1S “sent the telco name to the server api.account.xiaomi.com. It also sent IMEI and phone number to the same server. The phone number of the contacts added to the phone book and also from SMS messages received was also forwarded.

    Commenting on the Mi Cloud service, the report stated, “the IMSI details were sent to api.account.xiaomi.com, as well as the IMEI and phone number.

    F-Secure published another report in a week, saying that Xiaomi had addressed the privacy concerns related to “MIUI Cloud Messaging Platform” by releasing an OTA update which made the messaging service “an opt-in feature, rather than a default one.

    The report confirmed that after the OTA update, the security experts “did not see any data being sent out from the phone.” Also, it stated that on logging into Mi Cloud, “base-64 encoded traffic is now sent.

    The updated report concluded by stating that Mi Cloud data was “now sent over HTTPS rather than HTTP, as seen in our previous testing.

    Is there still an issue?

    Su Gim Goh, Security Advisor, APAC, F-Secure during his visit to New Delhi on September 1, the same day when Xiaomi RedMi 1S went for sale for the first time for Flipkart First subscribers, confirmed in an exclusive interaction with IndianExpress.com that Xiaomi has rectified the privacy issues raised by it. “The entire privacy issue was related to Xiaomi’s cloud messaging service. Previously, the cloud service got activated by default without asking for the user’s permission. So, related personal data were sent from the phone to Xiaomi’s servers in China. After we alerted about this privacy concern, Xiaomi has made the cloud service as an opt-in feature and not by default, said Goh.

    As with every cloud service, data is obviously sent to servers located outside the country with the user’s permission. Goh further confirmed that the even if users opt for the Xiaomi’s cloud service, the data is now being sent over secured HTTPS than HTTP. “The privacy concerns were addressed by Xiaomi quickly and now it’s all good,” added Goh.

    So, why did Indian Air Force issue a notification against using Xiaomi phones?

    The Sunday Standard recently reported that the Indian Air Force (IAF) has notified its 1,75,000 personnel and their family members not to use Xiaomi smartphones on account of ‘spying’. The report said the IAF alert was based on the inputs from CERT-In.

    What’s surprising is that the IAF notification seems to be hinting on the same report released by F-Secure in August to which the software security company had already confirmed that Xiaomi has rectified the issue and the company no longer breaches privacy.

    Now, there can be two situations- either, the privacy problem with Xiaomi has returned or the IAF notification is based on older reports. We believe it to be the latter, as no new reports have surfaced since the F-Secure clarification in September.

    Is this snooping or is this normal?

    In every cloud service, be it Gmail, Facebook, WhatsApp or in this case, MIUI Cloud Messaging Platform, data is sent and stored in servers outside the country. Xiaomi stores the data in servers based in Beijing. There is no rule or regulation from the government stating that cloud service providers will have to store data within the country only. So, if any user opts for any sort of cloud service, then its totally up to the service provider as to where they will store the data.

    How has Xiaomi responded to the latest issue?

    According to Reuters, Xiaomi has announced that it is moving some data of non-Chinese customers away from its servers in Beijing in several phases to Amazon Inc servers in the US and data centres in Singapore due to the recent privacy considerations. This may be a pure coincidence, or Xiaomi may have actually reacted to the IAF notification. Anyway, for a company hoping to make a strong presence across the globe it is highly unlikely that Xiaomi will do something that will put off its customers or affect its business in the slightest way. Xiaomi has sold just over half a million handsets (Mi 3 and RedMi 1S combined) in India.

    - See more at: Xiaomi phones security threat for Indian Air Force | The Indian Express
Indians are just crazy.:yahoo:
 
what about i-phone/Smsung etc?lol I think all mobile phones have this in their smartphones as well. If we all want to be really save from cyber spying/protect our privacy/security threat. Then we should just all totally isolate ourselves from the outside world and stop using anyelctronic products be it laptops/smartphones/LCD tvs etc. that way we all be 100% secured. So i think this action is simply paranoia, since im sure Indian authorities know this, but for some reason they ban only one company.:p:
 
Umair Nawaz said:

  • Chinese smartphone manufacturer Xiaomi made its entry in the Indian smartphone market with its Mi 3 smartphone in July. The company made headlines after the Mi 3 handset sold like hot cakes on Flipkart. After just six weeks of massive sales in the country, Xiaomi discontinued the Mi 3 temporarily to give mileage to the much cheaper RedMi 1S smartphone, which arrived in September.

  • What is the data snooping concern regarding Xiaomi phones?

    Before the launch of Redmi 1S, software security company F-Secure published a report in August stating that the Xiaomi RedMi 1S “sent the telco name to the server api.account.xiaomi.com. It also sent IMEI and phone number to the same server. The phone number of the contacts added to the phone book and also from SMS messages received was also forwarded.

    Commenting on the Mi Cloud service, the report stated, “the IMSI details were sent to api.account.xiaomi.com, as well as the IMEI and phone number.

    F-Secure published another report in a week, saying that Xiaomi had addressed the privacy concerns related to “MIUI Cloud Messaging Platform” by releasing an OTA update which made the messaging service “an opt-in feature, rather than a default one.

    The report confirmed that after the OTA update, the security experts “did not see any data being sent out from the phone.” Also, it stated that on logging into Mi Cloud, “base-64 encoded traffic is now sent.

    The updated report concluded by stating that Mi Cloud data was “now sent over HTTPS rather than HTTP, as seen in our previous testing.

    Is there still an issue?

    Su Gim Goh, Security Advisor, APAC, F-Secure during his visit to New Delhi on September 1, the same day when Xiaomi RedMi 1S went for sale for the first time for Flipkart First subscribers, confirmed in an exclusive interaction with IndianExpress.com that Xiaomi has rectified the privacy issues raised by it. “The entire privacy issue was related to Xiaomi’s cloud messaging service. Previously, the cloud service got activated by default without asking for the user’s permission. So, related personal data were sent from the phone to Xiaomi’s servers in China. After we alerted about this privacy concern, Xiaomi has made the cloud service as an opt-in feature and not by default, said Goh.

    As with every cloud service, data is obviously sent to servers located outside the country with the user’s permission. Goh further confirmed that the even if users opt for the Xiaomi’s cloud service, the data is now being sent over secured HTTPS than HTTP. “The privacy concerns were addressed by Xiaomi quickly and now it’s all good,” added Goh.

    So, why did Indian Air Force issue a notification against using Xiaomi phones?

    The Sunday Standard recently reported that the Indian Air Force (IAF) has notified its 1,75,000 personnel and their family members not to use Xiaomi smartphones on account of ‘spying’. The report said the IAF alert was based on the inputs from CERT-In.

    What’s surprising is that the IAF notification seems to be hinting on the same report released by F-Secure in August to which the software security company had already confirmed that Xiaomi has rectified the issue and the company no longer breaches privacy.

    Now, there can be two situations- either, the privacy problem with Xiaomi has returned or the IAF notification is based on older reports. We believe it to be the latter, as no new reports have surfaced since the F-Secure clarification in September.

    Is this snooping or is this normal?

    In every cloud service, be it Gmail, Facebook, WhatsApp or in this case, MIUI Cloud Messaging Platform, data is sent and stored in servers outside the country. Xiaomi stores the data in servers based in Beijing. There is no rule or regulation from the government stating that cloud service providers will have to store data within the country only. So, if any user opts for any sort of cloud service, then its totally up to the service provider as to where they will store the data.

    How has Xiaomi responded to the latest issue?

    According to Reuters, Xiaomi has announced that it is moving some data of non-Chinese customers away from its servers in Beijing in several phases to Amazon Inc servers in the US and data centres in Singapore due to the recent privacy considerations. This may be a pure coincidence, or Xiaomi may have actually reacted to the IAF notification. Anyway, for a company hoping to make a strong presence across the globe it is highly unlikely that Xiaomi will do something that will put off its customers or affect its business in the slightest way. Xiaomi has sold just over half a million handsets (Mi 3 and RedMi 1S combined) in India.

    - See more at: Xiaomi phones security threat for Indian Air Force | The Indian Express
Indians are just crazy.:yahoo:
Click to expand...
Australia also banned Chinese telecom companies from few of its market. Now tell Oz are also crazy.
Huawei banned from Australia broadband project | Information Age
 
old news..why a new thread on this when similar thread already exists??
 

Similar threads

Nan Yang
Xiaomi launches home-grown cross-device system with HyperOS, as US-sanctioned Huawei moves further from Google’s Android
Replies
1
Views
220
hirobo2
hirobo2
Maula Jatt
Air Link, Xiaomi partner for production of Xiaomi Smart TVs
Replies
0
Views
219
Maula Jatt
Maula Jatt
Hamartia Antidote
SCMP: Chinese smartphone giant Xiaomi’s ‘personnel optimisation’ to affect 10 per cent of its workforce amid weak consumer spending
Replies
0
Views
414
Hamartia Antidote
Hamartia Antidote
GreatHanWarrior
China's Nio launches smartphone developed to use with its electric cars
Replies
0
Views
164
GreatHanWarrior
GreatHanWarrior
Bilal9
India High Court rejects bid to overturn seizure of US$676 million from Xiaomi amid sour India-China tech relations
Replies
1
Views
446
silverox
silverox

Latest posts

Pakistan Defence Latest Posts

Pakistan Affairs Latest Posts

Military Forum Latest Posts

Country Latest Posts

Back
Top Bottom