23 October 2014

Chinese Smartphones a Security Threat, says IAF

By Pradip R Sagar 
19th Oct 2014 

NEW DELHI: China-based leading smartphone manufacturer Xiaomi, which recently marked a successful entry into the Indian market, is allegedly a security threat. It has been accused by the Indian Air Force (IAF) of sending user data to remote servers located in China. Simply put, it is a charge that amounts to spying.

In an alert issued to air warriors and their family members, the IAF has claimed that smartphones and note books manufactured by Xiaomi have been found to send users’ private data from these devices to servers based in Beijing. The IAF alert, accessed by The Sunday Standard, has come with ‘medium’ severity rating, which is considered serious according to an IAF official.

The same company is also facing an investigation in Taiwan for alleged cyber security threat last month and the Taiwan government is in the process of taking decision to ban the company.

The IAF note, which was prepared by the intelligence unit based on the inputs from Indian Computer Emergency Response Team (CERT-In), has also mentioned cases of Xiaomi mobile phones sending users’ data to its masters in China.

“F-secure, a leading security solution company, recently carried out a test of Xiaomi Redmi 1s, the company’s budget smartphone, and found that the phone was forwarding carrier name, phone number, IMEI (the device identifier) plus numbers from address book and text messages back to Beijing,” the IAF note says.

While mentioning another incident, the IAF note says, “A Hong Kong-based mobile phone user claims to have tested the Redmi Note smartphone and found it was automatically connected to an IP address hosted in China. The data transmitted included photo in media storage and SMSs also.”

Quoting a reader from PhoneArena website who pointed out that the Chinese Government may be involved, the IAF note added, “According to the PhoneArena report, looking up the website of the company owning the IP address in the range 42.62.48.0-42.62.48.255 reveals that the website owner is www.cnnic.cn. CNNIC is the administrative agency responsible for Internet affairs under the Ministry of Information Industry of People’s Republic of China. It is based in the Zhongguancun high tech district of Beijing.”

Therefore, the IAF in its alert to all of its Commands and Squadrons has stated that air warriors and their family members are advised to refrain from using these mobile devices.

When this paper sought the company’s response, a representative from Xiaomi replied that they will respond as soon as relevant information is available. “Your mail has been forwarded to the relevant colleagues for their appropriate handling. We will respond as soon as relevant information is available,” Xiaomi India customer care replied.

A few months back, the office of the Doctorate General of Military Operations of the Indian Army had issued a similar alert of security threat from a Chinese mobile application. The Army went on to say that “every Internet company and telecom operator in China, both foreign and domestic, is held legally liable for all content shared through their platforms.”

The Army has also claimed that the location-sharing feature of applications may be fraudulently used to track and target people, especially those working in defence, scientific, industrial research or other government sector.

The development is a reminder of the scrutiny Chinese technology firms are subject to abroad, as governments become increasingly wary of potential cyber security threats from the world’s second-biggest economy.

No comments: