Expert claims hacking Xiaomi server, firm calls it hoax

Written by PTI | New Delhi | Updated: Oct 31 2014, 13:23pm hrs
Xiaomi is now the world's third largest smartphone maker after Samsung and Apple, as per the latest IDC report. (Reuters)
A Taiwanese cyber security expert has claimed to have compromised a server of China-based smartphone maker Xiaomi, but the company called it a hoax.

"Chen Huang is an independent Taiwanese Security Expert. Session Abstract: In this session Taiwanese Researcher will demonstrate how Xiaomi Phones have been sending device data and personal data of Xiaomi Phone user to Chinese Servers," said the website of Ground Zero Summit.

"The Researcher will also release Server Logs, Mi Account username, Emails and passwords of millions of Xiaomi users which have been obtained using a Zero Day flaw in the Xiaomi Servers," the webpage added.

Xiaomi is now the world's third largest smartphone maker after Samsung and Apple, as per the latest IDC report.

When contacted, Xiaomi's Head of India Operations Manu Jain said: "We have verified that the zero-day data breach allegation made by security researcher Chen Huang and the Ground Zero Summit organising committee reported by The Hacker News on October 30, 2014 is a hoax."

Jain said that the zero-day vulnerability reported by the cyber security researcher Chen Huang is a deliberate falsehood and Xiaomi is taking the necessary legal action against the parties involved.

In his reply, Jain admitted that the company's user account file was leaked in May this year.

"To date, throughout Xiaomi's history, there has only been one incident in which a two-year-old user account file was leaked in May 2014," Jain said.

He said that the leaked information was from user accounts registered before August 2012 in an old version of the Xiaomi user forum website.

Meanwhile, organisers of the summit, which is to be held here next month, said that they have put Chen's session on hold till the time Xiaomi completes its investigations.

"Xiaomi representatives contacted and requested us regarding the session. We have decided to withhold session till the time Xiaomi investigates data breach and accusations and works with the researcher to fix it," Indian Infosec Consortium CEO Jiten Jain said.

The summit's website shows that former chief of the Indian Army and Minister of State for Development of North Eastern Region General VK Singh, Home Ministry Joint Secretary Nirmaljeet Singh Kalsi, Enforcement Directorate Special Director Karnail Singh and NTRO Director of Cyber Security Operations Alok Vijayant will be among the key speakers.

Xiaomi entered the Indian market in July through a tie-up with e-commerce major Flipkart. It is estimated that the firm has sold over 1.5 million devices so far.

Earlier, the Indian Air Force had issued an advisory asking its personnel and their families to desist from using Chinese 'Xiaomi Redmi 1s' phones as they are believed to be transferring data to their servers in China and could be a security risk.

However, Xiaomi said the company collects data only with the user's permission to offer specific services like cloud and will set up a server in India next year.