The National Communications Commission (NCC) is planning to establish a certification system for mobile phone security following reports that Chinese smartphone vendor Xiaomi automatically sends personal information to its servers in Bejing without first securing the consent of users.
A story published in a blog post of Finnish security company F-Secure Corp indicated that Xiaomi smatphones’ built-in text-messaging application, MIUI, can send users’ information to the company’s servers in Beijing without their approval.
Because of the loophole, the report said that the Chinese vendor can access users’ mobile phone number, the international mobile equipment identity (IMEI) code as well as the SIM card number.
The international mobile subscriber identity code would be exposed too if the user signs on to Xiaomi’s cloud service, the report said.
Similar to Apple Inc’s iMessage service, MIUI allows users to send text messages through the Internet rather than through telecoms’ networks.
The story was subsequently picked up by Taiwanese media outlets, with Xiaomi users in Taiwan reportedly topping 400,000. The Beijing-based smartphone vendor first denied the reports, but later apologized for the unauthorized data collection.
It added that the messaging system would only be activated on an “opt-in” basis and personal information would be encrypted and would not be stored on its servers.
The commission said it told the Chinese company to inspect all types of phones — not only the two mentioned in the F-Secure blog — that it sells in Taiwan and determine if they have the same issue.
“We have notified them that they should provide a written explanation of how they plan to address the issue,” said Lo Chin-hsien (羅金賢), director of the commission’s Resources and Technologies Department. “We will ask them to come in and answer questions if necessary.”
The commission is to meet with other mobile phone manufacturers soon to discuss how they address information security issues, Lo said.
He added that the Executive Yuan has determined that the applications built into mobile phones will be tested by the commission, while applications downloaded via mobile phones will be supervised by the Industrial Development Bureau.
While the commission has a certification system for mobile phone interfaces, batteries and other specifications, it does not have one yet for information security.
It is aiming to establish an information security mechanism by the end of next year, he said.
“Currently, there is no country in the world that demands that mobile phone manufacturers have national certifications for information security. We can only encourage mobile phone manufacturers to take such certification when it becomes available,” he said.
Lo said the mechanism would not only target mobile phones produced in China, but it would apply to other manufacturers as well.
STAY AWAY: An official said people should avoid disturbing snakes, as most do not actively attack humans, but would react defensively if threatened Taitung County authorities yesterday urged the public to stay vigilant and avoid disturbing snakes in the wild, following five reported snakebite cases in the county so far this year. Taitung County Fire Department secretary Lin Chien-cheng (林建誠) said two of the cases were in Donghe Township (東河) and involved the Taiwan habus, one person was bit by a Chinese pit viper near the South Link Railway and the remaining two were caused by unidentified snakes. He advised residents near fields to be cautious of snakes hiding in shady indoor areas, especially when entering or leaving their homes at night. In case of a
A tropical disturbance off the southeastern coast of the Philippines might become the first typhoon of the western Pacific typhoon season, the Central Weather Administration (CWA) said. The system lacks a visible center and how it would develop is only likely to become clear on Sunday or Monday, the CWA said, adding that it was not yet possible to forecast the potential typhoon's effect on Taiwan. The American Meteorological Society defines a tropical disturbance as a system made up of showers and thunderstorms that lasts for at least 24 hours and does not have closed wind circulation.
ENERGY RESILIENCE: Although Alaska is open for investments, Taiwan is sourcing its gas from the Middle East, and the sea routes carry risks, Ho Cheng-hui said US government officials’ high-profile reception of a Taiwanese representative at the Alaska Sustainable Energy Conference indicated the emergence of an Indo-Pacific energy resilience alliance, an academic said. Presidential Office Secretary-General Pan Men-an (潘孟安) attended the conference in Alaska on Thursday last week at the invitation of the US government. Pan visited oil and gas facilities with senior US officials, including US Secretary of the Interior Doug Burgum, US Secretary of Energy Chris Wright, Alaska Governor Mike Dunleavy and US Senator Daniel Sullivan. Pan attending the conference on behalf of President William Lai (賴清德) shows a significant elevation in diplomatic representation,
Credit departments of farmers’ and fishers’ associations blocked a total of more than NT$180 million (US$6.01 million) from being lost to scams last year, National Police Agency (NPA) data showed. The Agricultural Finance Agency (AFA) said last week that staff of farmers’ and fishers’ associations’ credit departments are required to implement fraud prevention measures when they serve clients at the counter. They would ask clients about personal financial management activities whenever they suspect there might be a fraud situation, and would immediately report the incident to local authorities, which would send police officers to the site to help, it said. NPA data showed
RSS