Security Firm Shows Xiaomi Smartphones Do Secretly Steal Your Data

Discussion in 'Technical' started by sec_monkey, Aug 10, 2014.

  1. sec_monkey

    sec_monkey SM Security Administrator

    Finnish security firm F-Secure has seemingly proven that Xiaomi smartphones do in fact upload user data without their permission/knowledge despite the company strongly denying these allegations as late as 30 July.

    Security Firm Shows Xiaomi Smartphones Do Secretly Steal Your Data via slash
  2. Motomom34

    Motomom34 Monkey+++

    Never heard of a Xiaomi smartphone. Just another reason why I do not need or want a smart phone.
  3. sec_monkey

    sec_monkey SM Security Administrator

    It is a Chinese Android clone and this is definitely not limited to Xiaomi.
  4. sec_monkey

    sec_monkey SM Security Administrator

    Following up an earlier story here on Slashdot, now Xiaomi has apologized for collecting private data from its customers. From the article: "Xiaomi Inc said it had upgraded its operating system to ensure users knew it was collecting data from their address books after a report by a computer security firm said the Chinese budget smartphone maker was taking personal data without permission. The privately held company said it had fixed a loophole in its cloud messaging system that had triggered the unauthorized data transfer and that the operating system upgrade had been rolled out on Sunday. The issue was highlighted last week in a blog post by security firm F-Secure Oyj. In a lengthy blogpost on Google Plus, Xiaomi Vice President Hugo Barra apologized for the unauthorized data collection and said the company only collects phone numbers in users' address books to see if the users are online."

    @Xiaomi [flm]
  5. DarkLight

    DarkLight Live Long and Prosper - On Hiatus

    This behavior by a (actually ANY Chinese) company now run by a former Google (remember "Do no evil!") exec surprises us why?
    AmericanRedoubt1776 likes this.
  6. -06

    -06 Monkey+++

    Data collection seems to be the craze of the marketplace and gub agencies today. Anything put on electronics today is subject to eavesdropping, copying, and possibly being used against us. When that enter key is punched that info no longer stays in your computer but goes into the "cloud" for storage. It no longer is your personal property or retained by you.
    AmericanRedoubt1776 likes this.
  7. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Only if you use a "Cloud".... Myself I NEVER use offsite Storage, for ANYTHING, connected to my Network. Never have, Never will.....
    AmericanRedoubt1776 likes this.
  8. DarkLight

    DarkLight Live Long and Prosper - On Hiatus

    @BTPost - I think the point is valid though and yes, you do, just not in the "cloudy" sense. If you send email, even through your own server, it eventually traverses Al Gore's Interwebs and it can be caught and analyzed. If you visit a website that you don't own on your personal device, you traverse Al Gore's Interwebs and it can be caught and analyzed. I know you know this, I'm not poking, but you are splitting hairs on semantics. At this point in the lifecycle of the Internet (and yes, it may actually get far worse), very little is secure and/or unseen. The ONLY things that can even be possibly considered secure are those things that you encrypted offline, on a device that has never been connected, copied via offline methods to an online device (usb, cd-rom, etc) and sent out...and possibly bitmessage (speaking of which, I need to set that up again). TOR is suspect, HTTPS is suspect, PGP/GPG on a connected device has the potential to be suspect (although much less so).

    Again, you know this and I know you know this, but don't get hung up on the word cloud. 5 years ago it was ALL the Internet, regardless of the mechanism for storage (FTP, Web Site, Torrents, whathaveyou). They are all just mechanisms for storing and transferring information via the net. Cloud is just a buzz-word and formalized arrangement for keeping your stuff in one place, but even that is a joke because the servers are all distributed.

    This reminds me of a discussion my wife and I were having but that's enough derail for one post. :)
    AmericanRedoubt1776 likes this.
  9. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    When you're ready, PM me for my bitMessage Address.... No problem...
  10. kellory

    kellory An unemployed Jester, is nobody's fool. Banned

    I have a guy at work who is the IT guy for the company. He is the phone liaison pointman for our company phones.
    I know he can read all my IMs; in fact, I caught him doing so, and called him out for it. But every IM thread runs through his computer. I don't know about my emails. They are mirrored on my company cell phone. I may need to encrypt just to have some privacy.
  11. AmericanRedoubt1776

    AmericanRedoubt1776 American Redoubt: Idaho-Montana-Wyoming Site Supporter+

    That's why I only have a dumb phone and don't use Gmail or Yahoo mail and stick with DuckDuckGo.

    Well spoken @DarkLight