China’s Xiaomi Proven to Covertly Contact Beijing out of the Box
Posted by w_thames_the_d on August 10, 2014
China’s Xiaomi blatantly knocks off Apple everything.
From its phones to tablet and even Jobs, may he rest in peace.
Based on its Apple love and mimicry even down to aping the same product lines, it seems as if Xiaomi proves that if nothing else, China truly cannot innovate.
While cribbing Apple seems relatively harmless, data theft is not. It has been claimed then proven that out of the box, Xiaomi’s Redmi phone is doing just that. As soon as you charge your Redmi, it establishes a connection with Chinese servers which are not part of a could computing system. These servers allegedly are part of Beijing’s internet monitoring apparatus.
So far Xiaomi’s response has been muted behind claims that they ‘comply with local laws’.
I guess we should not be surprised by a company whose mascot is. Bunny dressed like a Chinese soldier.
Pic and story from here
Report on how Xiaomi covertly connects with China:
Xiaomi phones have made the news off and on in the last few months for their cheap, value for money phones and corporate moves. More recently, there were also reports that these popular devices also silently sent out user details to a remote server. That news came on the heels of other reports of smartphones being pre-installed with suspect apps.
We thought we’d take a quick look into this, so we got our hands on a brand new RedMi 1S:
We started with a ‘fresh out of the box’ test, so no account setup was done or cloud service connection was allowed. Then we went through the following steps:
• Inserted SIM card
• Connected to WiFi
• Allowed the GPS location service
• Added a new contact into the phonebook
• Send and received an SMS and MMS message
• Made and received a phone call
We saw that on startup, the phone sent the telco name to the server api.account.xiaomi.com. It also sent IMEI and phone number to the same server:
The phone number of contacts added to the phone book and from SMS messages received was also forwarded.