At the Ground Zero Conference this year an independent Taiwanese security researcher, Chen Huang is going to demonstrate that Xiaomi handsets are sending data to Chinese servers.
According to the session abstract posted on the official Ground Zero Conference website the researcher “will demonstrate how Xiaomi Phones have been sending device data and personal data of Xiaomi Phone user to Chinese Servers.”
The abstract also says that Huang will also release Server Logs, Mi account username, emails and passwords of millions of Xiaomi users which have been obtained using a zero day flaw in the Xiaomi servers.
According to TheHackerNews “after getting selected as a speaker for the conference, reportedly the talk has been pulled out from the conference within a day.” But since the list of Keynote Speakers 2014 is on the website showing the name of the researcher, we believe that the researcher is speaking at the Conference.
The Gorund Zero Conference 2014 about information Security Conference will be taking place in India from November 11 to 13, 2014.
Xiaomi says the researcher is threatening
According to TheHackerNews Xiaomi has said that the researcher is actually threatening the company. In an email statement with the news portal, Xiaomi has said “Chen Huang has recently threatened to expose data from the old user account file during a session at the upcoming Ground Zero Summit 2014, falsely claiming it to be data compromised through an existing vulnerability. This is a grave accusation, as we take our users’ privacy very seriously, and we will seek legal action against the involved parties.”
Xiaomi hit controversy in India
Xiaomi enjoyed great success in India with its Mi3 and later RedMi 1S selling in huge numbers via flash sales. But the company met harsh waters this month when the Indian Air Force (IAF) issued a note to those in air force and their family members saying “Smartphones and note books manufactured by Xiaomi have been found to send users’ private data from these devices to servers based in Beijing.”
This was based on July new report by PhoneArena reporting RedMi Note sending photos and texts to a server located in Beijing. A user in Hong Kong claimed that the device has connected with an IP address in China.
Soon after which Xiaomi VP Huga Barra responded with a post saying the company is “fully committed to storing our users’ data securely at all times”. He also announced that the company will work with “local data center providers” to set up its service infrastructure (that is servers) to improve its services for India.
But the news made little impact on the sale of 60,000 units on the 28th October which also out of stock in not time. The company is planning to get 1 lakh units on 4th November for the ninth round of flash sales.
After this the IAF this week clarified that the advisory against using phones from this Chinese brand was about “four to five months old”. It further said that this was not related to issuing a ban on sale of the device, but was just an cautionary note