1. Introducing the smashing new Team FIAT T-Shirt !! To order yours click here : Team FIAT T-Shirt

Chinese Smartphones a Security Threat, says IAF

Discussion in 'Gadgets / Electronics / Laptops' started by Herbie, Oct 25, 2014.

  1. Herbie

    Herbie Regolare

    Messages:
    290
    Bombay
    Grande Punto 1.4
    Indian Air Force refrains IAF personnels and their family members from using Xiaomi phone or tablets

    f00cad4822ae69b2c58fb3e1ed37fcbc5d593971.jpeg




    NEW DELHI: China-based leading smartphone manufacturer Xiaomi, which recently marked a successful entry into the Indian market, is allegedly a security threat. It has been accused by the Indian Air Force (IAF) of sending user data to remote servers located in China. Simply put, it is a charge that amounts to spying.

    In an alert issued to air warriors and their family members, the IAF has claimed that smartphones and note books manufactured by Xiaomi have been found to send users’ private data from these devices to servers based in Beijing. The IAF alert, accessed by The Sunday Standard, has come with ‘medium’ severity rating, which is considered serious according to an IAF official.

    The same company is also facing an investigation in Taiwan for alleged cyber security threat last month and the Taiwan government is in the process of taking decision to ban the company.

    The IAF note, which was prepared by the intelligence unit based on the inputs from Indian Computer Emergency Response Team (CERT-In), has also mentioned cases of Xiaomi mobile phones sending users’ data to its masters in China.

    “F-secure, a leading security solution company, recently carried out a test of Xiaomi Redmi 1s, the company’s budget smartphone, and found that the phone was forwarding carrier name, phone number, IMEI (the device identifier) plus numbers from address book and text messages back to Beijing,” the IAF note says.

    While mentioning another incident, the IAF note says, “A Hong Kong-based mobile phone user claims to have tested the Redmi Note smartphone and found it was automatically connected to an IP address hosted in China. The data transmitted included photo in media storage and SMSs also.”

    Quoting a reader from PhoneArena website who pointed out that the Chinese Government may be involved, the IAF note added, “According to the PhoneArena report, looking up the website of the company owning the IP address in the range 42.62.48.0-42.62.48.255 reveals that the website owner is www.cnnic.cn. CNNIC is the administrative agency responsible for Internet affairs under the Ministry of Information Industry of People’s Republic of China. It is based in the Zhongguancun high tech district of Beijing.”

    Therefore, the IAF in its alert to all of its Commands and Squadrons has stated that air warriors and their family members are advised to refrain from using these mobile devices.

    When this paper sought the company’s response, a representative from Xiaomi replied that they will respond as soon as relevant information is available. “Your mail has been forwarded to the relevant colleagues for their appropriate handling. We will respond as soon as relevant information is available,” Xiaomi India customer care replied.

    A few months back, the office of the Doctorate General of Military Operations of the Indian Army had issued a similar alert of security threat from a Chinese mobile application. The Army went on to say that “every Internet company and telecom operator in China, both foreign and domestic, is held legally liable for all content shared through their platforms.”

    The Army has also claimed that the location-sharing feature of applications may be fraudulently used to track and target people, especially those working in defence, scientific, industrial research or other government sector.

    The development is a reminder of the scrutiny Chinese technology firms are subject to abroad, as governments become increasingly wary of potential cyber security threats from the world’s second-biggest economy.


    SOURCE : http://www.newindianexpress.com/the...Threat-says-IAF/2014/10/19/article2484248.ece

    By Pradip R Sagar
    Published: 19th Oct 2014 06:10:24 AM

    bharath likes this.
  2. asimpleson

    asimpleson Esperto

    Messages:
    2,998
    Heptanesia
    Linea 1.3
    It is such a great news that the country's defense take these issues seriously. This issue about Xiaomi was discussed before in gadgets section. So since majority cellphones are manufactured in China, don't other cellphones also need this scrutiny?
    Bala, bharath and jumu like this.
  3. avnsiva

    avnsiva Amatore

    Messages:
    140
    Chennai
    Well this is a lethargic and irresponsible behavior. U ll let a Chinese company to come and sell phones here...after thousands of Indians bought this phone, then u release this advice. More irresponsible is that the other ministries care a damn about this communiqué.
  4. royj

    royj Esperto

    Messages:
    1,306
    Trivandrum
    My understanding is that this "data theft" is related to the usage of MI Cloud for backing up of phone data. Since they are an Chinese company, their cloud servers are located in China.
    If you are not using the 10GB or so space provided and instead chose to used the 15GB from Google cloud, this issue may not rise.
    Bala, Italia-Linea and bharath like this.
  5. asimpleson

    asimpleson Esperto

    Messages:
    2,998
    Heptanesia
    Linea 1.3
    What about the section of the article where it states it belongs to a Government Admin. Agency. It is confirmed by other independent sources too and that such a move to send packet data without user intervention is gross infringement of basic user rights. However, there are tons of such things happening in corporate world for a long time with many big names already being accused of user data scanning or poaching raising security concerns for individuals, companies or nations too. Even most OSes including Android and many other popular OSes actively send data on regular basis. The trend however has started long back with propagation of personal and business computing. I own a couple of Dell Business/enterprise PC which has a feature within BIOS itself making the PC accessible to a certain service or company via WAN networks. Its just that if enabled by some hardware guys the end user would hardly know the vulnerabilities involved. :)

    //Quoting a reader from PhoneArena website who pointed out that the Chinese Government may be involved, the IAF note added, “According to the PhoneArena report, looking up the website of the company owning the IP address in the range 42.62.48.0-42.62.48.255 reveals that the website owner is www.cnnic.cn. CNNIC is the administrative agency responsible for Internet affairs under the Ministry of Information Industry of People’s Republic of China. It is based in the Zhongguancun high tech district of Beijing.”// -- What is this agency??
  6. Italia-Linea

    Italia-Linea Staff Member Janitor

    Messages:
    2,123
    Pune
    I do not understand the fuss about all this. Its a pity that IAF has done a half hearted investigation and issued some stupid circular. If they really have indepth knowledge of how android works they will realise that any damn app installed on any of the android phone can steal data if it really wants. Even true caller can hack phonebook details and even a camera app can gulp photo details.
    If a android developer puts in spy code in any of the games or apps you are compromised.

    XIOMI is a big brand and they understand the responsibility. They have clearly stated that only the Cloud option stores the data on Chinese servers- which too they have moved out.

    Do you really think US doesnt spy? Even a 16 year old hacker can break in thru the complex of the security servers.
  7. fiatlover

    fiatlover Esperto

    Messages:
    1,599
    Bangalore/Kasargod
    Bangalore
    Grande Punto 1.4
    As per IP tracker query, these IP addresses are owned by China Unicom, Chinese government-owned mobile operator, like BSNL in India. Source: http://en.wikipedia.org/wiki/China_Unicom
    asimpleson likes this.
  8. asimpleson

    asimpleson Esperto

    Messages:
    2,998
    Heptanesia
    Linea 1.3
    It is one thing to not be alarmists in every small situation, but not acknowledging potential threats towards security esp. within defense operations would be a bigger blunder. Agreed there a thousands of other ways in which espionage activities could be (are being) carried out, but when we find one hole lets try acknowledge it and perhaps fix it, rather than downplaying everything. The west is also wary of China and their cyber attacks and such, any reason we shouldn't, do we share a pleasant history with them?

    And talking of apps, why does a company plan to hard-code this stuff in their phone, when software could do it similarly? Just for the sake of discussion.
    Last edited: Oct 29, 2014
  9. fiatlover

    fiatlover Esperto

    Messages:
    1,599
    Bangalore/Kasargod
    Bangalore
    Grande Punto 1.4
    A friend of mine working in the army told me that they are forbidden to use portable storage devices (pen drives included) in office PCs. The worry is not just about copying content to storage devices but also about 'hidden' scripts and software in the device itself. Little matters whether it is a mobile phone, PC, or a pen drive.

    End of the day, anything cab be stolen...
    http://threatpost.com/flaw-in-android-browser-allows-same-origina-policy-bypass/108265
    Last edited: Oct 29, 2014
  10. Italia-Linea

    Italia-Linea Staff Member Janitor

    Messages:
    2,123
    Pune
    But IAF is really funny, here is the backout from them
    http://www.gogi.in/iaf-clarified-advisory-old-no-ban.html

    IAF had issued a medium alert with reference to Chinese phones about 4 months back and there was no ban as such. The IAF personals are free to use Chinese phones but with caution. Interestingly the advisory itself is 4 months old, even before Xiaomi had started selling their smartphones in India.

    Xiaomi had also clarified that they do not store info without user permission. There are certain features on the smartphone like the cloud services / OTA updates that need a server. Xiaomi had also mentioned that they are shifting servers from China to US and will be having a dedicated server in India itself in 2015. This step will not only improve user experience (faster downloads / uploads) but also take care of such issues that some may not be comfortable with.

    An IAF personal stated (to Indian Express) that it is an old advisory and not really a ban. There are no restrictions for IAF personals regarding use of any phone or any brand as such. Moreover IAF does not keep track of any smartphones / brand – the Advisory is nothing serious.

    IAF have started using their own network based cell phones – so technically they are not using the mobiles / networks that are available for common users.

    So the Xiaomi smartphones are not really a threat for common users, but still a threat to other Mobile manufacturers specially when it comes to aggressive pricing.

Share This Page