A brand new Huawei P30 Pro smartphone has been found to be sending queries and possibly data to Chinese government servers, without the user having signed up for any Huawei services, reported OCWorkbench.
The Facebook page ExploitWareLabs at 5:32 p.m. on Sunday uploaded a post which included a list of DNS (Domain Name System) queries being delivered behind the scenes from a new Huawei P30 Pro. A DNS query (also known as a DNS request) is a demand for information sent from a user's computer (DNS client) to a DNS server.
In layman's terms, it means the phone could potentially be automatically transferring user data back to cloud servers run by the Chinese government, unbeknownst to the device's owner.
The list of DNS addresses includes beian.gov.cn, which was registered by Alibaba Cloud and managed by China's Ministry of Public Security, according to Whois.com. Another frequently listed request was sent to china.com.cn, which was registered by EJEE Group and operated by China's state-run mouthpiece the China Internet Information Center, according to Whois.com.
According to ExploitWareLabs, all of these queries were sent to Chinese government-run servers despite the fact that the user had not configured the phone for any Huawei services, such as Huawei ID or any Hi services.
(Score: 2) by c0lo on Wednesday April 24 2019, @06:08AM (2 children)
Keeping into account the context of "A brand new Huawei P30 Pro smartphone", I would say they can't be looking for more than one month.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 3, Touché) by Anonymous Coward on Wednesday April 24 2019, @06:16AM
Could be worse. Could be Windows 10 Phone. Sending telemetry including keylogging and "pocket pool motion detected" messages to the secret Chinese headquarters in Redmond. Just saying.
(Score: 2) by PinkyGigglebrain on Wednesday April 24 2019, @04:52PM
Good point about it being a new phone, guess my mind blanked that out.
But that would seem to make it even more unlikely when you stop to think about it. Huawei puts out a new phone in the middle of a huge PR storm about them being a tool of the Chinese government and all their gear having some kind of backdoor/rootkit in them and they used obvious plain text DNS lookups to connect to servers in China. The level of stupid on so many levels that it would require boggles the mind.
Not to say its impossible. I'm still going to wait till this gets confirmed by some other source with a bit more credibility. I'm sure there are a lot of people going through that code bit by bit so it shouldn't be long one way or the other.
"Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."