Xiaomi / MI India User data Compromised? Delhi Court’s Restraining Order Shows It Might!

Xiaomi has obtained a permanent injunction against Indian InfoSec Consortium and Taiwan based security expert Mr. Chen Huang that restrains them from disclosing any information in regards to Xiaomi user accounts that they may possess.
Here is the entire story.
Taiwan based security researcher, Mr. Chen Huang was supposed to give a presentation on his research, titled: “Privacy-Alert: Exposing China-based XIAOMI Mobiles” at Asia’s biggest hackers conference, Ground Zero Summit (G0S) 2014 organized by Indian InfoSec Consortium in New Delhi (on 13th & 14th November).
In regards to his presentation, the website said,  “In this session Taiwanese Researcher will demonstrate how Xiaomi Phones have been sending device data and personal data of Xiaomi Phone user to Chinese Servers. The Researcher will also release Server Logs, Mi Account username, Emails and passwords of millions of Xiaomi users which have been obtained using a Zero Day flaw in the Xiaomi Servers.”
In short, Chen Huang was going to demonstrate how Xiaomi phones have been sending data to Chinese servers and he had server logs, account user names, emails and passwords to prove it.
From Xiaomi’s point of view, they have done the right thing by bringing a restraining order, so as to ensure that their user data does not become public. However, there is something quite startling in the what Xiaomi has said. They have mentioned that the researcher may be holding millions of Mi phone user names and passwords, which is quite significant.
It is known fact that Xiaomi was sending the user data to Chinese servers, and subsequently they took steps to ensure user has a choice of avoiding it. The significant thing however this court order points is that Xiaomi thinks millions of user accounts may have actually been compromised.
Complete Court Restraining Order.

About sushant gore