Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Lithuanian Agency Warns Against Use of Chinese-made Phones

Lithuanian cybersecurity experts are urging the country’s government agencies to abandon the use of Chinese smartphone brands after an investigation identified security vulnerabilities and censorship concerns with certain devices.

Lithuanian cybersecurity experts are urging the country’s government agencies to abandon the use of Chinese smartphone brands after an investigation identified security vulnerabilities and censorship concerns with certain devices.

Lithuania’s National Cyber Security Center said it found four major cybersecurity risks for devices made by Huawei and Xiaomi, including two relating to pre-installed apps and one involving personal data leakage, and warned against using these two brands.

Xiaomi phones, which contain a content-filtering feature for 449 keywords or groups of keywords in Chinese characters, also carry the risk of possible restrictions on freedom of expression, according to the Lithuanian investigation.

The cybersecurity center warned the function could be activated at any time and said it did not rule out the possibility that words written in Latin characters could be added. According to the Lithuanian report, apps receive updated lists of censored words and phrases and are capable of blocking them.

The phrases include “Free Tibet,” “Voice of America,” “Democratic Movement” and “Long Live Taiwan Independence.” Although the content-filtering feature was disabled and no censorship was performed on the phones the Lithuanian center inspected, the center warned the function could be activated at any time.

[ READHuawei and Supply Chain Security – The Great Geopolitical Debate ] 

A Huawei spokesperson in Lithuania denied the allegations.

Xiaomi denied its phones could be used to censor or posed privacy risks, saying they complied with the European Union’s stringent privacy regulations.

Advertisement. Scroll to continue reading.

“Xiaomi’s devices do not censor communications to or from its users,” the company said in a statement. “Xiaomi has never and will never restrict or block any personal behaviors of our smartphone users, such as searching, calling, web browsing or the use of third-party communication software. Xiaomi fully respects and protects the legal rights of all users.”

The cybersecurity center, which is a Defense Ministry agency, also investigated phones made by another Chinese company, OnePlus, but found no problems.

“We strongly recommend that state and public institutions not use those devices and plan to initiate legislation which regulates acquiring certain devices for the ministries and various state agencies,” Deputy Defense Minister Margiris Abukevicius said Wednesday.

More than 200 public authorities have purchased such phones, and over 4,500 phones are in use, “which, in our opinion, increases the risks,” Abukevicius said. He didn’t specify the makes of all the phones.

The center’s investigation, released Tuesday, was done “to ensure the safe use of 5G mobile devices sold in our country and the software they contain,” he said.

Also, ordinary “people should also know what’s inside these phones, about the certain software and consider safety before making their decisions,” the minister said.

Beijing-based Xiaomi, known for its value-for-money devices, became the world’s No. 2 smartphone maker by sales this year, trailing only Samsung. The company was put on a U.S. Defense Department blacklist in the last few days of the Trump administration, which accused it of links to China’s military. It was later removed after suing the U.S. government and denies having any links with China’s People’s Liberation Army.

The move comes amid tensions between Lithuania and China.

Earlier this month, Lithuania recalled its ambassador to China following the Baltic country’s decision in July to allow Taiwan to open an office in its capital under its own name. In August, China recalled its ambassador to Lithuania and told the Baltic nation to “immediately rectify its wrong decision.”

China says Taiwan is part of its territory and doesn’t have the right to diplomatic recognition, although the island maintains informal ties with all major nations through trade offices, including in the United States and Japan. Chinese pressure has reduced Taiwan’s formal diplomatic allies to just 15.

Taiwan and Lithuania agreed in July that the office in the capital, Vilnius, set to open this fall, will bear the name Taiwan rather than Chinese Taipei — a term often used in other countries in order not to offend Beijing. On Wednesday, Lithuania said it was sending another 236,000 COVID-19 vaccines to Taiwan.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.