After raking controversy with claims that an expert was going to show how phonemaker Xiaomi was sending user data to servers in China, the much-publicised session at a cyber security event here did not take place today after getting cancelled at the last moment.
While Xiaomi dismissed these claims as a ‘hoax’, the organisers of the event said that the session was cancelled after a Delhi High Court order on a plea by the Chinese phonemaker.
“We cancelled session of cyber security expert, Cheng Huang, following a Delhi Hight court order on plea filed by Xiaomi. This was an opportunity for Xiaomi to come out clean of all the allegations that have been levelled on them but I think they missed it,” Indian Infosec Consortium CEO Jiten Jain, organiser of the summit, said at the event.
The website of the summit, which ended today, had mentioned that Huang “will demonstrate how Xiaomi phones have been sending device data and personal data of Xiaomi phone user to Chinese servers. The Researcher will also release Server Logs, Mi Account username, Emails and passwords of millions of Xiaomi users which have been obtained using a Zero Day flaw in the Xiaomi Servers.”
The court order restrained Huang from releasing details of Xiaomi which he claimed to have accessed from company’s server at the event, Jain said.
When contacted, Xiaomi’s Head of India Operations Manu Jain said that the company has verified that the zero-day data breach allegation made earlier by security researcher Chen Huang is a hoax.
Jain added that Huang had threatened to expose data from an old Xiaomi user account file during a session at the Ground Zero Summit 2014, making deliberately false and defamatory claims that the data was compromised through an existing vulnerability.
“We have therefore taken the necessary legal action and successfully obtained a court order to prevent Chen Huang from taking the stage to publicise untruths with the sole aim of damaging Xiaomi’s reputation,” Jain said.
Xiaomi, which plans to set up a server in India, is now world’s third largest smartphone maker after Samsung and Apple, as per the latest IDC report.
The company said that user privacy is a serious matter for Xiaomi and it does not “collect or store users’ personal information without users’ consent, and we take numerous steps to ensure that any data we collect is transferred and stored securely.”