Updated Lithuania's National Cyber Security Centre has told its citizens to get rid of Xiaomi-made mobile devices amid fears that the Chinese company could remotely enable censorship tools.
In an audit it published yesterday [PDF] the agency called out Xiaomi's Mi 10T 5G phone handset firmware for being able to censor terms such as "Free Tibet", "Long live Taiwan independence" or "democracy movement".
Defence Deputy Minister Margiris Abukevicius told reporters at the audit's release: "Our recommendation is to not buy new Chinese phones, and to get rid of those already purchased as fast as reasonably possible."
Although the censorship setting was disabled for phones sold into the manufacturer's "European region", the Lithuanian NCSC said (page 22):
It has been established that during the initialisation of the system applications factory-installed on a Xiaomi Mi 10T device, these applications contact a server in Singapore at the address globalapi.ad.xiaomi.com (IP address 188.8.131.52) and download the JSON file MiAdBlacklistConfig, and save this file in the metadata catalogues of the applications.
That file contained a list of more than 400 terms, including "free Tibet", "89 Democracy Movement" (a reference to Tiananmen Square) and "long live Taiwan's independence".
The local security agency's 32-page report, titled "Assessment of cybersecurity of mobile devices supporting 5G technology sold in Lithuania", focused on devices from Xiaomi, Huawei and OnePlus.
- GOP lawmakers ask for former Huawei handset biz Honor to be placed the Entity List
- Xiaomi builds a robot dog out of smartphone cameras and an Nvidia edge AI board
- Xiaomi parties like a winner after coming second on world smartphone sales charts
- Biden expands Chinese tech and military blocklist to 59 companies
"It is believed that this functionality allows a Xiaomi device to perform an analysis of the target multimedia content entering the phone; to search for keywords based on the MiAdBlacklist list received from the server," said the Lithuanian report.
"Once the device determines that the content contains certain keywords, the device performs filtering of this content and the user cannot see it. The principle of data analysis allows analysis not only of words written in letters; the list that is regularly downloaded from the server can be formed in any language."
The agency said the censorship could be remotely re-enabled at any time by Xiaomi.
Huawei was mildly criticised in the report for its factory-loaded software directing users of its P40 5G handsets to unofficial app stores, while OnePlus was not criticised at all.
Xiaomi has not yet commented on the findings. ®
Updated at 15.33 BST on 23 September to add
A spokesperson at Xiaomi sent us a statement:
"Xiaomi’s devices do not censor communications to or from its users. Xiaomi has never and will never restrict or block any personal behaviors of our smartphone users, such as searching, calling, web browsing or the use of third-party communication software. Xiaomi fully respects and protects the legal rights of all users. Xiaomi complies with the European Union’s General Data Protection Regulation (GDPR)."