Chinese phones are now shipping with built-in data theft tools. With both espionage and data theft in mind, these Manchurian candidate mobiles send your sensitive data back to the Chinese (2) mainland (3). Chinese cell phones now pose a security risk to not only our government but to consumers as well.
Whether you like it or not, China’s Xiaomi Redmi phone covertly establishes a secure (4) connection with the Chinese government (5) in Beijing (6) and sends them copies of all your text messages and photos (7).
The Star N-9500 on the other hand, not only goes after your personal data, but cash and credit card information as well. Not satisfied with pilfering $300 billion (8) worth of our strategic secrets per year, these Chinese phones enable so much more.
Both the Xiaomi and N9500 apparently shipped with harmful software code or malware programmed into the firmware or digital circuitry. This malware is capable of stealing all of your secret info, accessing your camera and mic at will and shipping that data back to the mother ship in China.
Now you too can be a part in the single largest illegal wealth transfer in the history of mankind (9). By purchasing these phones, you will allow the Chinese to rob you blind.
History of Chinese Products With Shady Security
Years ago, Washington banned Chinese technology companies such as ZTE and Huawei from selling us their gear. Such products posed a security risk due to fears like those posed by the N9500; they could be compromised and send American secrets to Beijing.
In fact, it was proven that as far back as 2012 ZTE sold phones (10) with secret back door (11) access built into both American and British consumers. But this was only the tip of the iceberg. Washington’s fears that the Chinese government would use cell phones against us has come true.
Huawei and ZTE were suspect due to their opaqueness and connections to the communist party of China. Huawei employees, for example, have told me that the new research and development center in Beijing was gifted to the firm.
Perhaps I am being skeptical, but I would bet that Beijing wants a return on that investment/gift. Considering the background of Huawei’s founder, Ren Zhengfei, it makes sense he would lend the communist party a hand.
The Chinese army is where he got his start after all. In addition, after years of battling, Ren finally obtained membership into the communist party, a favor he may be on the hook for.
Beijing was drooling at the prospect of lining the halls of our government and military with national champions like Huawei and ZTE. China aggressively campaigned to tout their kit but logic prevailed and they were locked out from sensitive government applications.
Unfortunately many American consumers are ill-informed about the risk many made-in-China technology products pose. Both the Redmi and N9500 takes advantage of this naivete. As a consequence, tech carried by American citizens and used by our companies can be and are littered with corrupt code.
Many users online had earlier expressed their concerns about the Chinese government using manufacturers from the country to spy on users overseas.” (12)
What makes these phones more dangerous than the ZTE is that these devices steal data the minute they are plugged in. The ZTE phone had back doors which had to be accessed and are more easily detected. ZTE could only add malware after exploiting the hidden back door.
The same is not true of the Redmi and N9500 which are basically thieves in a box. The minute you connect to the Internet your data flows to China. All your personal information, messages and phone calls can be recorded.
Heaven forbid you share your credit card info with these beasts; if you do, you are toast. Then again, by merely accessing your online accounts with these cyber kleptos, you could give up your password, allowing some diligent Chinese hackers to go on a shopping spree at your expense.
To be fair, it was not proven that the Redmi phone was doing anything more than carbon copying Beijing’s communist party on all your text messages and photos, but not stealing personal data. But then again, no one is ruling that out either. The fact that the Redmi phone surreptitiously contacts Beijing’s net nanny is worrisome indeed. Unless of course, one does not mind the communist party being part of one’s cloud computing experience.
Experts have not determined just how much malicious code is built into the firmware of the Redmi phone. On the other hand, your China-made N9500 resides in your pocket, but all your sensitive data belongs to some hackers in China. As I said earlier, those Chinese can activate your camera, microphone and make calls on the device whenever they wish. By purchasing this tele-thief, you literally become an ATM/spy port for some nefarious Chinese cohort.
So good is the theft business that the Chinese are all but giving these phones away. The Chinese company uses use the proceeds from data theft to subsidize their manufacturing costs. Who says they cannot innovate?
The bad news is that the malware embedded in the N9500 cannot be removed. The nefarious software is part of the N9500 system which means you have two choices:
1 – toss it into the trash
2 – use it and accept the risks of data theft and snooping
Use one of these phones to plan your next ‘Free-Tibet’ rally and don’t be surprised if the next call (13) you receive is from a Beijing hit squad. Of course I am just kidding, or am I?
While I am unsure how far Beijing would go to suppress free speech in the States, I am sure they have no compunction against pillaging. Why wouldn’t Chinese companies steal from the US? Beijing has been successfully doing it for decades.
Electronics and the China Threat
The sad thing is that the exploits of these hand held Manchurian Candidates should come as no surprise, but they do. People in the know comment (14) that oftentimes Chinese cell phone producers are reluctant to share source code, a thing they must do per Android licensing terms.
The obvious reason is that the code may be compromised. Even more disturbing is that these producers can embed malicious code into the silicon, making the threat even more severe.
The business model for the crooked Chinese cell phone syndicate is to subsidize the price of the units with money it has stolen from its users.
Neither my contacts nor I can prove that the N9500 is produced by a communist backed company, but then again we cannot prove they are not. After checking and trying to identify the OEM, I’ve had no luck. In fact, the details of the company manufacturing these units are as murky as the Beijing sky. So far, no one knows who produces these things. Now that is the really scary part.
For all we know it could be Huawei, ZTE, Lenovo or any one of the hundreds of Chinese phone manufacturers here. Without being able to identify them, how can we ensure that the next batch of phones they ship will not have the exact same problem? How long will it take for us to find the security flaw the next time. Fortunately for us, a German firm exposed this one, but after how long? How much damage was done before we were informed?
Chinese manufacturers are getting better at theft. Washington echoed a major fear that by outsourcing production to China we would become more vulnerable to their shenanigans. Experts voiced concern that the Chinese could infect products at any stage in the process. It was much easier to control the China threat when they merely assembled goods, but now the danger goes much deeper.
An analogy can best explain this danger. Think of the production process like building a house. In the past, Westerners drew up the plans to build a home. They included all the necessary specs for each step in the process. Another team would come in and lay the foundation and still another would put up the frame. In the end, walls, doors and windows were put in place and the home was complete. For the most part, this was American manufacturing pre-1990.
A few years ago, America outsourced part of the “house construction” process to the Chinese. We still drew up the plans and laid the foundation and walls, but allowed them to install windows and doors. The only fear we had was that they could rig a door frame and then try to break into the house in the still of the night (analogy to a back door). We could minimize this risk by checking the windows and doors against the specs. If anything was wrong, we could fix it.
Now we have outsourced the entire house building process and the Chinese are in control. Sure we may draw up the blueprints, but they control each step in the process. They may build a product which looks like a normal house, but is much different. Instead of corrupting windows and doors, the Chinese can install a spy directly in the house. Previously we only had to worry about them attaching malicious gear into our products but now they are built right in.
China’s Underlying Goals
A knee-jerk response is to say that Chinese manufacturers are no worse than the NSA. Nothing could be farther from the truth. The NSA is a spy agency, just like that of any other country. Its job is to protect national interests.
It does not, however, build and sell products under the protective coating of normal consumer goods. Its job is quite simple. Chinese companies such as those mentioned in the article are not so forthcoming. By handing off data to Beijing, then they become an extension of China’s spy arm. The lack of transparency into such Chinese companies makes them even more dangerous.
Absent a change in the way we see our China engagement things will only get worse. The rules of the game have changed and we have not kept up. American firms are too willing to trade off security for profit. Consumers, on the other hand, are often ill informed of the risk of Chinese made products. On a positive note, stories such as this serve to raise awareness of how grave the problem is.
References & Image Credits:
(1) TSW: China to Escalate Cyberwar Capabilities
(2) Uber Gizmo
(3) Tech World
(4) Phone Arena
(5) Next Powerup
(7) China’s Xiaomi Phone Spying for Beijing
(8) TSW: Is the US Becoming a Vassal State to China – Part II
(9) TSW: China Brags About Stealing Top Secret US Tech – Part I
(10) PC Mag
(11) ZD Net
(13) TSW: Torture, Detention and Dissappearance: The Beijing Solution for Tibet
(14) Facebook 0