- Chinese smartphone maker Xiaomi is facing the side-effects of becoming the world’s 3rd biggest firm after Apple and Samsung with adverse propaganda on it s every move and now the latest one is a security researcher’s claim to have hacked their servers in China.Though Xiaomi has called it a hoax and rubbished hacker Chen Huang’s claim and threatened legal action against him but the hacker is not relenting under threat and said he was able to discover a zero-day vulnerability on Xiaomi’s website and gleaned info of millions of user accounts and logs.
Huang said he conducted the zero-day attack or finding a previously unknown vulnerability in an application or Operating System which developers need to release a patch immediately and is often positive back up to major firms to keep their applications safe. In this case, hacker Huang said he would present a paper at an upcoming seminar in India, said a report in the Hacker News.
Xiaomi has claimed that the allegation was merely to malign its reputation and said so far only one leak took place from its server belonging to a 2-year-old account file in May. The file had data of user accounts registered before 2012 and a new system has replaced the old file already, said the company.
In another development, the company already said it is relocating its servers from Beijing to California and Singapore in three phases. The move followed a notice from the Taiwanese government and suspicions in India that the the mainland China-based Xiaomi Inc is collecting users information from its sold phones in third countries.
F-Security, a digital security firm was the first to point out this anomaly in Xiaomi smartphones saying, “What Xiaomi did originally was clearly wrong: they were collecting your address book and sending it to themselves without you ever agreeing to it,” said Mikko Hypponen of F-Secure.“What’s more, it was sent unencrypted.”
Xiaomi vice president Hugo Barra, who shifted from Google to the Chinese company, in a blog post on Google Plus, wrote, “We’re moving your data! User experience is hugely important to us. As a global Internet company, we really care about speed and we’re also fully committed to storing our users’ data securely at all times.”
He further assured a time frame to shift the data in three phases — E-commerce migration of customer’s information from the Beijing office to Amazon AWS data centers in California and in Singapore. “We also began using Akamai’s global CDN infrastructure to speed up static page loads. This migration process will be completed by the end of October and will benefit users in all of our international markets — Hong Kong, India, Indonesia, Malaysia, Philippines, Singapore, and Taiwan,” he assured.
Under the Phase 2, the MIUI interface services migration will transfer data of all international users Amazon or Singapore-based servers, including Mi Account, Cloud Messaging and Mi Cloud services. “We are expecting to complete this migration by the end of 2014, with some parts being completed even sooner,” Barra wrote.
The third phase will entail Xiaomi to go local, especially building and maintaining servers in India and Brazil, the two most important markets it is eyeing currently.