Lithuanian Ministry Bashes Xiaomi and Huawei for Undocumented Functionality

  • The National Cybersecurity Center of Lithuania has conducted a study to uncover undocumented functionality on Chinese phones.
  • The brands that were looked into include Huawei, Xiaomi, and OnePlus, using last year's 5G models.
  • Xiaomi was deemed the most risky, followed by Huawei, while nothing was discovered on OnePlus.

The National Cybersecurity Center under the Ministry of National Defense in the Republic of Lithuania has decided to investigate the potential existence of undocumented functionality in 5G smartphones made by Xiaomi, Huawei, and OnePlus, all Chinese brands.

The Ministry states that those three were picked solely because they have an unusually large number of vulnerabilities and exposures in the MITRE database, indicating a lack of proper security practices at the facilities where software for their products is developed, if not something worse.

The device models that were looked into are the following:

  • Huawei P40 5G
  • Xiaomi Mi 10T 5G
  • OnePlus 8T 5G
Source: kam.lt

As the Deputy Minister of National Defense in Lithuania Margiris Abukevičius stated:

"This study was initiated in order to ensure the safety of using 5G mobile devices sold in Lithuania, and more specifically the software contained in them. Three Chinese manufacturers who have been offering 5G mobile devices to Lithuanian consumers since last year and who have been identified by the international community as posing certain cyber security risks have been selected for this."

The risks that were identified in this study are the following:

  • Huawei’s app store automatically redirects users to arbitrary locations when app search results come back empty. Oftentimes, the redirection points to downloading an antivirus program that has been rated as malicious.
  • Xiaomi’s Mi Browser uses the Google Analytics module together with the Chinese Sensor Data that collects 61 device action parameters periodically and sends them to Xiaomi’s servers.
  • Xiaomi Cloud was found to be sending an encrypted SMS message when the user registers for the service. The message is then hidden, but it can be accessed by forensic experts or hackers in the future. This message contains sensitive device information as well as personal data.
  • Xiaomi can technically censor downloaded content, and some of the built-in apps like the Mi Browser regularly receive a block keyword list from the manufacturer. At the time of the study, the list was 449 keywords long, including "Free Tibet," "Voice of America," "Democratic Movement," "Longing Taiwan Independence," and many more. In Lithuania, this blocking was disabled, but the vendor may enable it remotely at any time, as the system is still there.

Notably, no flaws, dangers, or risks were identified on OnePlus devices in this study.
