[ad_1]
“This study was started in order to guarantee the safe use of 5G mobile devices sold in Lithuania and the software they contain in our country. Three Chinese manufacturers were selected that have been offering 5G mobile devices to Lithuanian consumers since last year and that the international community has identified as presenting certain cyber security risks, ”said Margiris Abukevičius, Deputy Minister of National Defense.
The study identified 4 key cybersecurity risks. Two refer to the devices installed in the manufacturer’s devices, one to the risk of personal data leakage and the other to possible restrictions on freedom of expression. Three risks were identified on the Xiaomi device, one on Huawei, and no cybersecurity vulnerabilities were identified on the OnePlus mobile device.
Risks for gadget makers
When analyzing the performance of Huawei’s 5G smartphone, the researchers found that the device’s official App Store, installed on the device, automatically redirects it to third-party emails if it cannot find the application that the user wants. stores where some gadget antivirus programs have been rated malicious or infected with viruses.
Researchers have also attributed cybersecurity risks to Xiaomi’s Mi Browser. It uses not only the common Google Analytics module in other browsers, but also Chinese Sensor Data, which periodically collects and sends up to 61 parameter data about actions performed on the user’s phone.
“In our opinion, this is really redundant information about user actions. The fact that this rich statistical information is sent and stored in an encrypted channel on Xiaomi’s servers in third countries, where the General Data Protection Regulation does not apply, also represents a risk ”, says Dr. Tautvydas Bakšys.
There may be restrictions on freedom of expression
By analyzing the performance of the Xiaomi device, the researchers found that it had the technical ability to censor downloaded content. Even various manufacturer devices on your phone, including My Browser, periodically receive the list of blocked keywords from a manufacturer. When it detects that the content you want to send contains words in the list, the device automatically blocks that content.
At the time of the study, the list included 449 keywords or groups of keywords in Chinese characters, such as “Free Tibet”, “Voice of America”, “Democratic Movement”, “Longing for Taiwan Independence” and more.
“We found that the content filtering function was disabled on Xiaomi phones sold in Lithuania and did not perform content censorship, but the lists were sent periodically. The device has the technical ability to activate this filtering function remotely at any time without the user’s knowledge and start to analyze the downloaded content. We do not rule out the possibility that the list of blocked words can be compiled not only in Chinese but also in Latin characters “, says T. Bakšys.
Risk of personal data leakage
The risk of personal data leakage on a Xiaomi device has been identified when a user chooses to use the Xiaomi Cloud service on the Xiaomi device. To activate this service, an encrypted SMS log message is sent from the device, which is not saved anywhere later.
“The researchers could not read the content of this encrypted message, so we cannot tell you what information the device sent. This automated sending of messages and the concealment of its content by the manufacturer poses potential threats to the security of personal data. of the user, since without his knowledge, data of unknown content can be collected and transmitted to servers in third countries “, says T. Bakšys.
Why these manufacturers
2020 Chinese manufacturers Huawei, Xiaomi and OnePlus have introduced 5th generation 5G mobile smartphones to the Lithuanian market. According to the Common Exposures and Vulnerabilities database, cybersecurity risks have been identified at all of these manufacturers’ facilities for four years. OnePulse is a vulnerability that affects third-party applications that send SMS messages, even when the mobile device is locked.
Cybersecurity assessment of mobile devices supporting 5G communication technology supplied in Lithuania can be downloaded from here.