Lithuania's National Cyber Security Centre, an agency within the country's Ministry of National Defence, has warned companies and individuals of smartphone security risks following an investigation of devices manufactured by Huawei, Xiaomi, and OnePlus.
As its report explains, security experts working for Lithuania's NCSC examined the Huawei P40 5G, the Xiaomi Mi 10T 5G, and the OnePlus 8T 58 - noting that the three manufacturers held leading positions in the smartphone market.
The researchers discovered four cybersecurity concerns with the Huawei and Xiaomi smartphones, including two relating to pre-installed apps and one involving the leakage of personal data.
What the researchers further discovered, however, was that the Xiaomi phones appeared to also be equipped to censor users' freedom of expression.
According to the report, during the installation of system apps the Xiaomi Mi 10T would contact a server based in Singapore, and download a list of 449 words and phrases that could be censored and blocked.
Some of the phrases, which are listed in the blocklist in Chinese characters, translate as "Free Tibet," "Voice of America," "Democratic Movement", "89 Movement," and "Long Live Taiwan Independence."
A Xiaomi spokesperson said that the company's smartphones do not censor communications, and that Xiaomi "has never and will never restrict or block any personal behaviors of our smartphone users, such as searching, calling, web browsing or the use of third-party communication software. Xiaomi fully respects and protects the legal rights of all users. Xiaomi complies with the European Union's General Data Protection Regulation (GDPR)."
The researchers acknowledge that the functionality is deactivated in "the European Union region," but they suggest that it would be simple for the list to include phrases in other languages to target non-Chinese speaking users.
Furthermore, the investigation underlined that the censorship functionality can be activated remotely by the manufacturer:
It is believed that the existence of such functionality may jeopardise free access to information and limit its accessibility. It can be said that this is important not only for Lithuania, but also for all countries using Xiaomi devices.
The investigation found no problems with smartphones manufactured by OnePlus.
Lithuania's Deputy Defense Minister, Margiris Abukevicius, gave a stark warning in a statement to the press:
"We strongly recommend that state and public institutions not use those devices and plan to initiate legislation which regulates acquiring certain devices for the ministries and various state agencies... people should also know what's inside these phones, about the certain software and consider safety before making their decision."
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsNovember 14, 2024
September 06, 2024