Categories: News

Xiaomi addresses latest Mi Cloud security concerns

Following its earlier privacy breach allegation on its Redmi Note, security concerns surrounding Xiaomi’s cloud storage, Mi Cloud has cropped up once again. This time it was raised up by security firm F-Secure.

In their earlier clarification and response, Xiaomi says that they take user privacy very seriously and they do not send user data to external servers without permission. The only time this happens is if a user opts to backup their device to the cloud with their Mi Cloud service, which is similar to other cloud solutions including Apple’s iCloud. If a user do not wish to use Mi Cloud, they can disable it completely.

So is the privacy issue sorted out for good? Not completely according to F-Secure and they have conducted a test with a brand new Redmi 1S, which is the smaller brother of the Redmi Note. With just a SIM Card, WiFi connection and no account set up when the phone was switched on for the first time, they tried making a standard voice call. To their surprise, they have reported that the device has sent some information to Xiaomi servers which includes IMEI, telco name and phone number.

They repeated this several times and upon signing in to Cloud Mi, the device would send more info including IMSI (SIM Card ID). So it appears that the Redmi 1S was transmitting info to their servers even without having to logged into Mi Cloud.

Obviously Xiaomi is not taking this second wave of security concerns lightly and Hugo Barra has responded along with a solution. He clarified that when a Mi device is switched on, the MIUI Cloud Messaging service would be enabled by default. In case you didn’t know, sending SMS between 2 MIUI devices that are connected online would be delivered for free over the internet. This happens in the quietly background and it appears like a normal SMS. For this to be possible, the Cloud Messaging service would require IMEI/IMSI and Hugo has stressed that no personal data such as contacts are stored on it.

To address such concerns once and for all, Xiaomi will be pushing a OTA (Over the air) software update to ensure that its Cloud Messaging service would be an opt-in service and disabled by default. You can get the latest updates under “Settings > About Phone > System Updates”. To turn it MIUI Cloud Messaging back on, users can head to “Settings > Mi Cloud > Cloud Messaging”. Below is the full FAQ on the latest concerns:

Q: What is MIUI Cloud Messaging?

A: Xiaomi offers a free service called Cloud Messaging as part of its MIUI operating system. This service allows MIUI users to exchange text messages with each other free of SMS charges, by routing messages via IP instead of using the carrier’s SMS gateway.

Q: How does Cloud Messaging work? Does it store any private user information?

A: When a Mi phone is turned on, the Cloud Messaging service is automatically activated through IP communication protocol with Xiaomi servers, in order to provide the user with the free text messaging capability. MIUI Cloud Messaging uses SIM and device identifiers (phone number, IMSI and IMEI) for routing messages between two users, in the same way as some of the most popular messaging services. Some technical implementation details are provided below. Users’ phonebook contact data or social graph information (i.e. the mapping between contacts) are never stored on Cloud Messaging servers, and message content (in encrypted form) is not kept for longer than necessary to ensure immediate delivery to the receiver.

Q: How does this relate to the privacy concerns raised about Xiaomi over the last 48 hours? What’s your response?

A: A recent article in Taiwan and a related report by F-Secure raised privacy concerns by stating that Xiaomi devices are sending phone numbers to Xiaomi’s servers. These concerns refer to the MIUI Cloud Messaging service described above. As we believe it is our top priority to protect user data and privacy, we have decided to make MIUI Cloud Messaging an opt-in service and no longer automatically activate users. We have scheduled an OTA system update for today (Aug 10th) to implement this change. After the upgrade, new users or users who factory reset their devices can enable the service by visiting “Settings > Mi Cloud > Cloud Messaging” from their home screen or “Settings > Cloud Messaging” inside the Messaging app — these are also the places where users can turn off Cloud Messaging.

We apologize for any concern caused to our users and Mi fans. We would also like to thank the media and users who have been sending us feedback and suggestions, allowing us to improve and provide better Internet services.

Q: How exactly does the MIUI Cloud Messaging system handle phone numbers?

A: For those interested in specific details about the MIUI Cloud Messaging implementation:
– The primary identifiers used to route messages are the sender and receiver’s phone numbers. IMEI and IMSI information is also used to keep track of a device’s online status.

– When a user sends a text message, if there is an Internet connection available, the Cloud Messaging system will attempt to route the message via IP. If the receiver is offline (i.e. not immediately reachable via IP), the system falls back to sending a normal SMS message from the sender’s device.

– When a MIUI user opens a text message or a phonebook contact, or creates a new contact, the device connects to the Cloud Messaging servers, forwards the phone number of that contact and requests the online status of the corresponding user, which is indicated by a blue icon when that user is online or gray icon if that user is offline (or is not a Cloud Messaging user). This allows the sender to immediately know whether they can text that user without incurring SMS costs.

– In any of these flows, the receiver’s phone number is only used to look up online status and to route messages. No phonebook contact details or social graph information (i.e. the mapping between contacts) is stored on Cloud Messaging servers, and message content (in encrypted form) is not kept for longer than necessary to ensure immediate delivery to the receiver.

– The OTA system update made available today (Aug 10th) adds an extra layer of security by encrypting phone numbers whenever they are sent to Cloud Messaging servers.

– We will continue to make changes and improvements to this architecture as needed over time.

[ SOURCE 2, VIA ]

Recent Posts

JomCharge x DBKL turn on 4 EV Charge Points at Kepong Aftermeal

Another week, another JomCharge x DBKL street-level EV charger goes live. The rollout continues in…

1 hour ago

DC Handal adds 9 EV Charge Points at Sunway Putra Mall

DC Handal continues to deploy more EV chargers at Sunway premises and the latest location…

2 hours ago

Gentari deploys 240kW and 180kW DC Chargers at BYD Ipoh Jalan Kuala Kangsar

If you're heading to Ipoh, there are now even more DC fast charging options along…

3 hours ago

How fast is ULTRA5G inside KL Malls? Here’s What Dedicated Indoor ULTRA5G Infrastructure Can Actually Do

This post is brought to you by U Mobile. We have all experienced the mobile…

6 hours ago

Denza Z9 GT now in Malaysia for RM359k: Luxury sports EV with 600km of range

Denza Z9 GT is now officially in Malaysia after it was first demonstrated here over…

20 hours ago

Huawei MatePad Air 2026 with 144Hz PaperMatte OLED screen, six speakers previewed in Malaysia: Here’s what we know

Aside from launching the Huawei Pura 90s series, Huawei Malaysia also unveiled the MatePad Air…

23 hours ago

This website uses cookies.