Forbes: China’s Xiaomi allegedly records users’ data
Illustrative photo. |
In an interview with the US’ Forbes magazine, cybersecurity researcher Gabi Cirlig had noted that his Redmi Note 8 smartphone was watching much of what he was doing on the phone. That data was then being sent to remote servers rented by Xiaomi and hosted by Chinese largest tech corporation Alibaba, the report said.
While investigating, Cirlig further found that the default Xiaomi browser recorded all the websites that were visited on the device. This also included search activities on Google and privacy-focused DuckDuckGo. Cirlig also noticed that the device tracked his activities even when he was supposedly using the incognito mode — a setting that prevents browsing history or cache from being stored.
Furthermore, the device was also found tracking and recording other tasks and activities like the folders being opened, the various screens that were being swiped, etc. The data was being compiled and sent to remote servers in Singapore and Russia hosted by web domains registered in Beijing.
Forbes had further reeled in cybersecurity researcher Andrew Tierney to investigate. Tierney’s analysis concluded that browsers shipped by Xiaomi on Google Play—Mi Browser Pro and the Mint Browser—were collecting similar data.
To test whether other Xiaomi devices had a similar flaw, Cirlig downloaded the firmware for the phone including the Xiaomi MI 10, Xiaomi Redmi K20 and Xiaomi Mi MIX 3 devices.
The devices had the same code that led to these issues in Crilig’s Redmi phone. Furthermore, despite the company’s claim of data being encrypted, the cybersecurity researcher was quickly able to decode a chunk of information form data being sent to the servers. The information was hidden with a form of easily crackable encoding called base64, the report said.
Xiaomi denied the report stating that it wasn’t collecting or sending user data to remote servers without user’s permission. Furthermore, in an additional clarification to Forbes, it had said that some amount of data was being collected for analyzing user behaviour on the device.
The company had later said that it had since fixed the issue by seeking users' permission before sending data over encrypted connections according to a Reuters report.
Xiaomi last month had said that its Redmi brand has sold over 110 million units worldwide since its launch. In mid-2019, Xiami reporterd the second quarter sales in Vietnam rose by 60 per cent year-on-year. It attributed the success to the support of the MiFan community, which now numbers 206,000 in the country, and one million followers in social media, according to Vietnambiz. |
White House says US tech CEOs strongly support Trump on Huawei restrictions Chief executives from several US tech companies met with President Donald Trump on Jul 22 and expressed "strong support" for policies restricting the use of ... |
White House will meet with tech execs to talk about Huawei ban: sources White House economic adviser Larry Kudlow will host a meeting with semi-conductor and software executives on July 20 to discuss the US ban on sales ... |
Huawei’s 5G 'business as usual' despite sanctions Chinese telecommunications giant Huawei said on Wednesday (Jun 26) that its 5G business has not been impacted by the recent US sanctions amid a prolonged ... |