Lithuania says built-in cybersecurity risks found in Chinese-made Xiaomi and Huawei phones

 

September 22, 2021

 


A person checks out the new Xiaomi Mi 9 mobile phone ahead of the Mobile World Congress (MWC 19) in Barcelona, Spain, February 24, 2019. REUTERS/Rafael Marchante/File Photo

 

By The Associated Press

 

VILNIUS, Lithuania — Lithuanian cybersecurity experts are urging the country’s government agencies to abandon the use of Chinese-made smartphones after an investigation identified security vulnerabilities and censorship concerns with certain devices. Lithuania’s National Cyber Security Center said it found four major cybersecurity risks for devices made by Huawei and Xiaomi, including two relating to pre-installed apps and one involving personal data leakage, and warned against using these two brands.

There’s also the risk of possible restrictions on freedom of expression with Xiaomi phones, which contain a content-filtering feature for 449 keywords or groups of keywords in Chinese characters. The center warned the function could be activated at any time and did not rule out the possibility that words using Latin characters could be added. According to the Lithuanian report, apps receive updated lists of censored words and phrases and are capable of blocking them.

The phrases include “Free Tibet,” “Voice of America,” “Democratic Movement” and “Long Live Taiwan Independence.” Although the content-filtering feature was disabled and no censorship was performed on the phones the Lithuanian center inspected, the center warned the function could be activated at any time.

A Huawei representative in China referred CBS News to a previous statement issued to media outlets, saying simply that the company’s phones do not send user’s data externally.

A Xiaomi spokesperson told CBS News that the company’s “devices do not censor communications to or from its users. Xiaomi has never and will never restrict or block any personal behaviors of our smartphone users, such as searching, calling, web browsing or the use of third-party communication software. Xiaomi fully respects and protects the legal rights of all users. Xiaomi complies with the European Union’s General Data Protection Regulation (GDPR).”

The cybersecurity center, which is a Defense Ministry agency, also investigated phones made by another Chinese company, OnePlus, but found no problems.

“We strongly recommend that state and public institutions not use those devices and plan to initiate legislation which regulates acquiring certain devices for the ministries and various state agencies,” Deputy Defense Minister Margiris Abukevicius said Wednesday.

More than 200 public authorities have purchased such phones, and over 4,500 phones are in use, “which, in our opinion, increases the risks,” Abukevicius said. He didn’t specify the makes of all the phones.

The center’s investigation, released Tuesday, was done “to ensure the safe use of 5G mobile devices sold in our country and the software they contain,” he said.

Also, ordinary “people should also know what’s inside these phones, about the certain software and consider safety before making their decisions,” the minister said.

The Beijing-based Xiaomi, known for its value-for-money devices, became the world’s No. 2 smartphone maker by sales this year, trailing only Samsung. The company was put on a U.S. Defense Department blacklist in the last few days of the Trump administration, which accused it of links to China’s military. It was later removed after suing the U.S. government and denies having any links with China’s People’s Liberation Army.

The move comes amid tensions between Lithuania and China.

Earlier this month, Lithuania recalled its ambassador to China following the Baltic country’s decision in July to allow Taiwan to open an office in its capital under its own name. In August, China recalled its ambassador to Lithuania and told the Baltic nation to “immediately rectify its wrong decision.”

China says Taiwan is part of its territory and doesn’t have the right to diplomatic recognition, although the island maintains informal ties with all major nations through trade offices, including in the United States and Japan. Chinese pressure has reduced Taiwan’s formal diplomatic allies to just 15.

Taiwan and Lithuania agreed in July that the office in the capital, Vilnius, set to open this fall, will bear the name Taiwan rather than Chinese Taipei – a term often used in other countries in order not to offend Beijing. On Wednesday, Lithuania said it was sending another 236,000 COVID-19 vaccines to Taiwan.

 

Leave a Reply