Xiaomi, which is trying to make inroads into India's booming mobile phone market, was found



China's number one — and the world's 3rd largest — smartphone manufacturer,, which is trying to make inroads into India's booming mobile phone market, was found secretly sending users' personal data , including IMEI numbers, phone numbers and text messages to the web servers back to Beijing in China.

INDIA AND TAIWAN vs XIAOMI

This issue raised higher concerns across many countries, proactively in India, Singapore and Taiwan.



The Indian Air Force (IAF) — among the largest in the world — warned its employees and their belongings that their private information was being shipped over to servers in China, and asked them to avoid using Xiaomi smartphones due to security risk.

Taiwanese Government underlined similar concerns before Xiaomi's launch in India. Xiaomi is facing an investigation in Taiwan for alleged cyber security threat, as a result of which last month the Taiwanese government decided to ban the company due to several privacy controversies.





When it comes to sales, Xiaomi's Mi3 and RedMi 1S have lately been redefining the term 'Flash Sales' with a recorded sales of 90,000 units in just 12 seconds. So, you can imagine the total Xiaomi statistics of Xiaomi.





TAIWANESE RESEARCHER TO EXPOSE XIAOMI AT HACKER CONFERENCE

Meanwhile, an independent Taiwanese Security Expert came up with another bad news for Chinese Xiaomi Mobile company, as he claimed to have found zero-day vulnerability in Xiaomi website that allowed him to obtain credentials of millions of Xiaomi accounts and logs from the servers.





Taiwanese Researcher allegedly planned to reveal Xiaomi zero-day vulnerability and his investigative researcher at Asia's biggest hackers conference, Ground Zero Summit (G0S) 2014 this November; with his session titled - "Privacy-Alert: Exposing China-based XIAOMI Mobiles".



As shown in the above screenshot, paper abstract mentioned on the website says, "In this session Taiwanese Researcher will demonstrate how Xiaomi Phones have been sending device data and personal data of Xiaomi Phone user to Chinese Servers. The Researcher will also release Server Logs, Mi Account username, Emails and passwords of millions of Xiaomi users which have been obtained using a Zero Day flaw in the Xiaomi Servers."



But after getting selected as a speaker for the conference, reportedly the talk has been pulled out from the conference within a day. allegedly planned to reveal Xiaomi zero-day vulnerability and his investigative researcher at Asia's biggest hackers conference,this November; with his session titled - "".As shown in the above screenshot, paper abstract mentioned on the website says, "But after getting selected as a speaker for the conference, reportedly the talk has been pulled out from the conference within a day.





Ground Zero Summit' organizer told The Hacker News that 'Privacy-Alert: Exposing China-based XIAOMI Mobiles' session has been withheld till the time Xiaomi investigates the data breach and accusations made by the researcher. According to the paper, the vulnerability could have been utilized by anyone to convey a data and privacy breach.



In a mail, the '' organizer toldthat '' session has been withheld till the time Xiaomi investigates the data breach and accusations made by the researcher. According to the paper, the vulnerability could have been utilized by anyone to convey a data and privacy breach.

DATA BREACH AT XIAOMI

Mi Account' to its customers through which users gain access to their Mi Cloud, Mi Talk, MIUI Forum, Mi Market and other Xiaomi services. These online Xiaomi Mi Accounts store users' personal information including mobile numbers, email addresses and account credentials. Xiaomi devices provide '' to its customers through which users gain access to their Mi Cloud, Mi Talk, MIUI Forum, Mi Market and other Xiaomi services. These online Xiaomi Mi Accounts store users' personal information including mobile numbers, email addresses and account credentials.





Xiaomi website zero-day vulnerability and Taiwanese Researcher' session at G0S Conference also raises concern about the security of the data of millions of users linked to their Xiaomi's Mi Cloud account.





The researcher contacted The Hacker News team and provided partial database of a few thousands of Xiaomi users, which confirmed that the millions of Xiaomi Mi accounts has already been compromised.



Anyone with Xiaomi account credential can remotely locate, ring, lock and wipe up your phone data easily. Xiaomi mobile users are recommended to reset "Mi account" password immediately.





XIAOMI MOVING DATA CENTER TO INDIA

After facing several privacy controversies, Xiaomi said today that it plans to open a data center in India, away from its servers in Beijing due to performance and privacy considerations.