Margiris Abukevicius, the Deputy Defense Minister of Lithuania, has recommended that owners of Chinese mobile phones dispose of them ‘as fast as reasonably possible’ following damning research conducted by Lithuanian cybersecurity experts, reports Reuters. He followed up by taking to Twitter to call for international cooperation to restore trust in comms technology.
Biggest #CyberSecurity news this week – #Lithuania 🇱🇹 report on #China 🇨🇳 #mobilephones security risks. Momentum to build an international coalition to take actions against untrusted ICT products and go beyond #5G in reducing risky technological dependences. pic.twitter.com/w0EAoDq0qL
— Margiris Abukevicius (@AbukeviciusM) September 25, 2021
A study of various Chinese-manufactured mobile phones by Lithuania’s National Cyber Security Center found a number of issues relating to security and authoritarian control of users. The worst was the discovery of software on Xiaomi’s flagship Mi 10T 5G handset that can automatically censor phrases like “free Tibet”, “democracy movement” or “long live Taiwan independence”, effectively preventing users from searching for those terms or including them in messages. The software is not active on phones purchased in the European Union but could be remotely switched on at any time. The list of censored terms is also designed to receive updates from Xiaomi’s servers.
A statement from Xiaomi insisted they have never imposed and will never impose any restrictions on users of their devices. This makes me wonder how stupid they think people are. Businesses do not waste time and money writing software that they never expect to execute. At best Xiaomi could sincerely argue they will obey the law in China and they will obey the law elsewhere, but this just highlights they make devices designed to satisfy the draconian requirements of a Chinese government intent on using technology to control what people say and think.
Lithuania’s National Cyber Security Center also reported that the Xiaomi phone sent encrypted phone usage data to a server in Singapore. Their study covered phones from other manufacturers too, and found that Huawei’s P40 5G handset had a security flaw that led users to be directed towards malicious applications. A representative of Huawei in the Baltics said their devices do not send user data externally. A Russian security researcher recently identified Chinese and Russian manufactured feature phones that send messages and data without the user’s knowledge.
Lithuanians are sensitive to the risk of cyberwarfare and interference with communications as a consequence of multiple attacks on the Baltic states that originated in Russia. The Russian invasion of the Crimea in 2014 was prefaced by widespread disruption of civilian electronic communications. Lithuanian caution contrasts with the complacency shown by many Western Europeans who seemingly have more faith in laws like GDPR than in the warnings given by cybersecurity experts. Some news coverage of Lithuania’s study plays down the national security aspect of the software installed on Xiaomi’s phones and argues that Xiaomi’s abuses are driven by the same profit motives that also cause invasions of privacy by Western businesses. This is an absurd argument on the face of it. Whatever you may think of Xiaomi’s management team, it is fanciful to suggest they created software that scans for words like ‘free Tibet’ in order to make more money. The relationship between Chinese manufacturers and China’s government is apparent to anyone with eyes willing to see.