xiaomi-malware
Recently a mobile-security firm Bluebox claimed that the brand new Xiaomi Mi4 LTE comes pre-installed with spyware/adware and a "forked" vulnerable version of Android operating system on top of it, however, the company denies the claim.

Xiaomi, which is also known as Apple of China, provides an affordable and in-budget smartphones with almost all features that an excellent smartphone provides.

On 5th March, when Bluebox researchers claimed to have discovered some critical flaws in Mi4 LTE smartphone, Xiaomi issued a statement to The Hacker News claiming that "There are glaring inaccuracies in the Bluebox blog post" and that they are investigating the matter.
Cybersecurity

RESEARCHERS GET TROLLED BY CHINESE SELLERS
Now, Xiaomi responded to Bluebox Labs by preparing a lengthy denial to their claims and said the new Mi4 smartphone purchased by Bluebox team in China (known as the birthplace of fake smartphones) was not an original Xiaomi smartphone but a counterfeit product.
"We have concluded our investigation on this topic — the device Bluebox obtained is 100% proven to be a counterfeit product purchased through an unofficial channel on the streets in China," Xiaomi spokesperson told The Hacker News in an email statement. "It is therefore not an original Xiaomi product and it is not running official Xiaomi software, as Bluebox has also confirmed in their updated blog post."
This means, Mi4 LTE smartphone owned by Bluebox are tempered by the local Chinese shops itself. What the Heck! Chinese get trolled by Chinese.

XIAOMI DECLINES BLUEBOX CLAIMS
Xiaomi provided a detailed step-by-step explanation on each and every fact and figure:
  1. Hardware: Xiaomi hardware experts have analysed the internal device photos provided to the company by Bluebox and confirmed that the physical hardware is markedly different from the original Mi 4 smartphone.
  2. IMEI number: Xiaomi after-sales team has confirmed that the IMEI on the device from Bluebox is a cloned IMEI number which has been previously used on other counterfeit Xiaomi devices in China.
  3. Software: Xiaomi MIUI team has also confirmed that the software installed on the device from Bluebox is not an official Xiaomi MIUI build.
The company assured its customers that their devices neither come rooted, nor have any malware pre-installed.

Contrary to Bluebox claims, the company also assured its customers that the MIUI used in their products is true Android, which means MIUI follows exact Google's Android CDD (Compatibility Definition Document), and passes all Android CTS tests to make sure a given device is fully Android compatible.

Declining to Bluebox finding, Xiaomi released the following statement in an email to The Hacker News:
As this device is not an original Xiaomi product, and not running an official Xiaomi MIUI software build, Bluebox's findings are completely inaccurate and not representative of Xiaomi devices. We believe Bluebox jumped to a conclusion too quickly without a fully comprehensive investigation (for example, they did not initially follow our published hardware verification process correctly due to language barrier) and their attempts to contact Xiaomi were inadequate, considering the severity of their accusations.
With the large parallel street market for mobile phones in China, there exists counterfeit products that are almost indistinguishable on the outside. This happens across all brands, affecting both Chinese and foreign smartphone companies selling in China. Furthermore, "entrepreneurial" retailers may add malware and adware to these devices, and even go to the extent of pre-installing modified copies of popular benchmarking software such as CPU-Z and Antutu, which will run "tests" showing the hardware is legitimate.
Xiaomi takes all necessary measures to crack down on the manufacturers of fake devices or anyone who tampers with our software, supported by all levels of law enforcement agencies in China.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.