[ad_1]
Forbes sends a warning about Xiaomi. The online publication draws the public to exclusive material that explains how Xiaomi records users’ private activity. “It’s a back door with phone functionality.”, says cybersecurity researcher Gabi Cirlig about her Xiaomi phone.
Cirlig talks to Forbes after discovering that her Redmi Note 8 tracks much of what she does on the phone. He claims that his usage data was sent to remote servers hosted by Alibaba. Furthermore, it claims that these Alibaba servers were apparently rented by Xiaomi.
Cirlig says what he found is troubling. It appears that various types of data have been collected from your mobile device. Therefore, it is feared that his identity and privacy were exposed to the Chinese company.
->
When you searched the web from Xiaomi’s default browser, you found that it recorded all the websites you had visited. There were also questions about whether he used the Google search engine or DuckDuckGo. Even stranger is that each article seen in a news source of the Xiaomi software was recorded.
Apparently the user was tracked even when he had activated incognito mode.
Your phone even recorded the documents you opened and what screen to swipe on, the status bar, and page settings. All of this data was sent to servers in Singapore and Russia. While the web domains they hosted were registered in Beijing.
Xiaomi warning: cybersecurity researcher Andrew Tierney investigates
He found that even the Xiaomi browsers on Google Play, Mi Browser Pro, and Mint Browser collected the same data. Together, they reached 15 million downloads, according to Google Play statistics.
According to Cirlig, many millions of users could be affected. “It is a serious privacy problem!”, describes to the investigator what is happening. Valued at $ 50 billion, Xiaomi is one of the top 4 smartphone manufacturers in the world.
Xiaomi sells a lot because it has managed to offer users cheap devices with high-end phone functions. But for those consumers, the low cost could hide a higher price: that of intimacy.
Cirlig believes the problems could affect more models than the Redmi Note 8. He has downloaded firmware for other Xiaomi phones. Models include Xiaomi Mi 10, Redmi K20, and Mi MIX 3. Then he confirmed that they all had the same browser code. This led him to suspect that they had the same privacy concerns.
Although Xiaomi claims that the data was encrypted when it was transferred in an attempt to protect user data, Cirlig found that she could easily see what data was transferred from her device. This was possible by decoding information that was hidden known as base64.
It took just a few seconds for Cirlig to change the shredded data into pieces of readable information.
What you comment Xiaomi
“Investigative claims are false.” and “Privacy and security are our main concern.” adding that “Strictly follow and fully comply with local laws and regulations regarding the confidentiality of user data.”
At the same time, a Xiaomi spokesperson confirmed that Xiaomi collects browsing data. He claims that the information was anonymized, so it is not related to any identity. It also adds that users have agreed to such monitoring.
However, according to Cirlig and Tiernet, not only the search data on the site and in the search engine was transmitted on the servers. Xiaomi also collected phone data, unique numbers to identify the specific device, and the Android version. Cirlig said how about “metadata“Could be “Slightly correlated with a real man behind the screen.”
The Xiaomi representative denied that the browsing data was recorded incognito. However, both Cirlig and Tiernet have demonstrated through their independent tests that browsing habits are sent to remote servers.
Forbes sent Xiaomi a video in which Cirlig exemplifies how her incognito story on adult sites was recorded and sent to remote servers.
Still, Xiaomi denies it. “This video shows the anonymous collection of browsing in incognito mode. It is one of the most common solutions adopted by Internet companies to improve the browsing experience by analyzing information that cannot be associated with a person.” says the company representative.
Towards the end of the investigation, Cirlig discovered that Xiaomi’s music app on her phone was gathering information about her listening habits. A message was clear to the researcher: When you listen, Xiaomi listens.
Xiaomi published a blog post that describes how and when it collects the URLs visited by its users. The company reiterated that the data transferred from Xiaomi devices and browsers has been anonymized and is not linked to any identity.
Subscribe to YouTube Noobz | Follow us on Instagram | I like Facebook Noobz
