Xiaomi says smartphone full of security problems was a fake


A smartphone maker says that a firm's security analysis of one of its phones was actually done on a counterfeit device.

Last week, Bluebox Security said that it tested a legitimate Xiaomi Mi 4 LTE device, a popular smartphone in China, only to find that it was pre-loaded with “suspicious apps”, categorised as malware, spyware or adware.

Bluebox also said that the phone was exposed to multiple vulnerabilities and that several conflicting API build properties were observed on the device.

Bluebox Lead Security Analyst Andrew Blaich said at the time that the phone was first verified to be a legitimate device by Xiaomi (since the phone was popular among counterfeiters). Further testing, however, showed that the smartphone was indeed a fake, Blaich said in a follow-up blog post Sunday US time.

After Bluebox's findings were published, Xiaomi reached out to the security firm Friday US time denying the claims.

On Monday US time, Xiaomi also provided a statement to SCMagazine.com on the matter.

“As this device is not an original Xiaomi product, and not running an official Xiaomi MIUI software build, Bluebox's findings are completely inaccurate and not representative of Xiaomi devices. We believe Bluebox jumped to a conclusion too quickly without a fully comprehensive investigation (for example, they did not initially follow our published hardware verification process correctly due to language barrier) and their attempts to contact Xiaomi were inadequate, considering the severity of their accusations,” the statement said.

Through an internal investigation, Xiaomi determined that the physical hardware of the device in question was “markedly different” from their original Mi 4 device, and that the IMEI on the phone was a cloned number previously used on other counterfeit Xiaomi devices in China.

The company added in the email that the software installed on the device was not an official Xiaomi MIUI build, “since its devices do not come rooted and do not have malware pre-installed”.

Bluebox's Blaich wrote Sunday US time that the “version of the MIUI ROM loaded on this device has had some modifications done to even bypass the authentication checks for the AntiFake app” – a tool released by Xiaomi to help verify the authenticity of devices.

“After in-depth testing, Xiaomi has stated that the device is counterfeit and a very good one at that. It even defeated their verification app initially,” he explained.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition