After the Lithuanian cyber defense warned of security gaps and built-in censorship functions in Chinese cell phones, the Federal Office for Information Security (BSI) initiated its own investigations. This was confirmed by a BSI spokesman for the German Press Agency. The state center for cybersecurity in Vilnius had especially criticized a device from the Chinese manufacturer Xiaomi because it was technically able to censor certain content on the built-in web browser. The censorship filter was not active, but could be switched on remotely.
The BSI received the report from the Lithuanian cyber defense on Wednesday, in which three specific smartphone models were analyzed.
These were the Huawei P40 5G, the Xiaomi Mi 10T 5G and the OnePlus 8T 5G.
The cybersecurity center NKSC (Nacionalinio Kibernetinio Saugumo Centro) directed the most serious allegations against Xiaomi.
At Huawei, the Lithuanians complained that the app store also links to sources that the agency has classified as unsafe.
The NKSC found no defects in the OnePlus device.
No censorship of communication
A spokesman for Xiaomi said his company's devices did not censor communications with or from their users.
"Xiaomi has and will never restrict or prevent personal activities of its smartphone users, such as searching, calling, surfing the Internet or using third-party communication software."
The BSI spokesman said that neither Xiaomi nor any other manufacturer from China was on the list of smartphone brands that can be officially ordered by the federal authorities.
However, the BSI cannot rule out that a Xiaomi smartphone is still in use through business use of privately purchased devices.
Rüdiger Trost, security expert from F-Secure Germany, told the dpa that the allegations must be taken seriously. “I think it is more than likely that there are opportunities for Chinese authorities to directly access smartphones from national production. And I have no doubt that China is willing to use technical means to exercise censorship. ”If the corporations, the Chinese state or hackers had such extensive access, they could not only read communications before they were encrypted, for example in the case of e- Mails, WhatsApp or even Signal. “You could even upload data and in this way discredit a dissident, for example. You could manipulate your smartphone in such a way that it appears like a spy from another state. "
Trost pointed out that the Chinese smartphones usually run on the Android operating system, which was developed by Google.
“We have found that the Android versions adapted by smartphone manufacturers are differently secure for the respective devices.
The Android adaptations by manufacturers such as Xiaomi can lead to the security of these devices being significantly impaired. ”The corporations would hardly do that out of self-interest.
"In China, little happens completely bypassing the state."
Consumer not in focus
However, one can assume that the broad mass of users would not be in the focus, stressed Trost. "But if I were a politician, journalist or dissident, it would look different." Thorsten Urbanski, spokesman for the security company Eset, warned against placing all smartphones from China under general suspicion. However, manipulated devices have "been a major security problem for many years". “More than five years ago, there were the first cases of devices that came onto the market with manipulated firmware and preinstalled spyware apps on their way to Europe.” The manipulations at the time could have stolen extensive data. It was also possible to monitor the owner. In many cases, the manipulations did not come from the manufacturer himself.
Many compromised devices entered Europe through online trading, said Urbanski.
In some cases, counterfeit devices equipped with malware apps could also be found in stationary retail.
His advice: “If, for example, devices are not in their original packaging when they arrive as new, consumers should generally be careful and return the device if necessary.
Likewise, offers with discounts of 50 or 60 percent on current smartphones are usually too good to be true. ”Consumers often paid the low price with their data or received counterfeit devices.Keywords: