Lithuania’s National Cyber Security Center under the Ministry of National Defense (NCSC) conducted a cyber security evaluation of Chinese 5G smartphones and announced that it is concerned about high security risks. In particular, he is urging the public to pay attention, saying that it has found that it contains a function to censor certain words.
We investigated three models: Huawei P40 Pro, Xiaomi Mi 10T Pro, and OnePlus 8T. We analyzed four cybersecurity risks: application general security, personal information leakage, and restriction of freedom of expression.
As a result, it was discovered that the Huawei P40 Pro was sent from AppGallery, the official Huawei app store, to third-party app stores that distribute malicious programs or virus-infected apps. It points out that, since a security vulnerability was found, there were also traces of sending user data to an external server located in Singapore.
In the case of Xiaomi Mi 10TW Pro, I discovered that a word censorship blacklist (MiAdBlacklistConfig) exists. It is said that several keywords were registered, such as free Tibet, Mongolian independence, Islamic Union, and Pleistine liberation. Additionally, the OnePlus 8T says no issues have been found that increase the security risk.
Lithuania’s Deputy Defense Minister said the state or public institutions should not use such smartphones and should adopt a law regulating the use of certain smartphones by various state agencies.
Lithuania has recently strengthened relations with Taiwan, and in July 2021, Taiwan announced that it would actually set up an embassy in Lithuania. In response, China protested, including inviting the Lithuanian ambassador to the country. It is also pointed out that such deterioration in relations with China may have led to this investigation.
Huawei denied the content, saying that its devices do not transmit user data externally. Xiaomi also said that the device does not censor user communications, and that Xiaomi has not and will not, and will not, restrict or block smartphone users’ personal behavior such as searches, calls, web browsing, and use of third-party communication software. It respects and protects rights and emphasizes compliance with the EU General Data Protection Regulation GDPR. Related information can be found here.