Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Wednesday April 24 2019, @05:18AM   Printer-friendly
from the free-backups dept.

A brand new Huawei P30 Pro smartphone has been found to be sending queries and possibly data to Chinese government servers, without the user having signed up for any Huawei services, reported OCWorkbench.

The Facebook page ExploitWareLabs at 5:32 p.m. on Sunday uploaded a post which included a list of DNS (Domain Name System) queries being delivered behind the scenes from a new Huawei P30 Pro. A DNS query (also known as a DNS request) is a demand for information sent from a user's computer (DNS client) to a DNS server.

In layman's terms, it means the phone could potentially be automatically transferring user data back to cloud servers run by the Chinese government, unbeknownst to the device's owner.

The list of DNS addresses includes beian.gov.cn, which was registered by Alibaba Cloud and managed by China's Ministry of Public Security, according to Whois.com. Another frequently listed request was sent to china.com.cn, which was registered by EJEE Group and operated by China's state-run mouthpiece the China Internet Information Center, according to Whois.com.

According to ExploitWareLabs, all of these queries were sent to Chinese government-run servers despite the fact that the user had not configured the phone for any Huawei services, such as Huawei ID or any Hi services.


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 1, Insightful) by Anonymous Coward on Wednesday April 24 2019, @05:35AM (1 child)

    by Anonymous Coward on Wednesday April 24 2019, @05:35AM (#834233)

    The high resolution photos and videos of your naked wife will be instantly duplicated. Now twice as care free.

    • (Score: 2) by DannyB on Wednesday April 24 2019, @02:03PM

      by DannyB (5839) Subscriber Badge on Wednesday April 24 2019, @02:03PM (#834342) Journal

      By smuggling those pictures in DNS requests, the pictures might upload rather slowfully.

      --
      People today are educated enough to repeat what they are taught but not to question what they are taught.
  • (Score: 5, Insightful) by JustNiz on Wednesday April 24 2019, @05:47AM (3 children)

    by JustNiz (1573) on Wednesday April 24 2019, @05:47AM (#834234)

    ...every iPhone and Android phone ever found to be tracking you and transmitting your most personal details to Google and Apple Servers In the US.

    • (Score: 2) by Appalbarry on Wednesday April 24 2019, @07:13AM (1 child)

      by Appalbarry (66) on Wednesday April 24 2019, @07:13AM (#834249) Journal

      Exactly. Actually just picked a Huawei P20 at a nice discounted price and it's a great little phone, aside from Android Pie screwing up GPS performance and disabling call recording.

      • (Score: 1, Funny) by Anonymous Coward on Wednesday April 24 2019, @11:27AM

        by Anonymous Coward on Wednesday April 24 2019, @11:27AM (#834290)

        Just because you can't record the call doesn't mean that Huawei isn't recording the call ... and your texts ... and your emails ... and your banking app ... and and and ...

    • (Score: 5, Insightful) by DannyB on Wednesday April 24 2019, @02:05PM

      by DannyB (5839) Subscriber Badge on Wednesday April 24 2019, @02:05PM (#834343) Journal

      The difference here is that Android and iPhones generally give you a choice about this:

      [x] Yes, please upload all my data
      [_] No, please exclude my device from the list of devices that won't upload data

      --
      People today are educated enough to repeat what they are taught but not to question what they are taught.
  • (Score: 3, Interesting) by PinkyGigglebrain on Wednesday April 24 2019, @06:02AM (3 children)

    by PinkyGigglebrain (4458) on Wednesday April 24 2019, @06:02AM (#834240)

    should be easy to confirm by other groups. I'll wait till that happens.

    I find it hard to trust a company with no other web presence than their Facebook page.

    Not to mention that if it was so easy to find this happening then why hasn't someone from the other more established and credible sources said anything about it?

    I mean people have only been looking for this kind thing for how many years now?

    --
    "Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
    • (Score: 2) by c0lo on Wednesday April 24 2019, @06:08AM (2 children)

      by c0lo (156) Subscriber Badge on Wednesday April 24 2019, @06:08AM (#834241) Journal

      I mean people have only been looking for this kind thing for how many years now?

      Keeping into account the context of "A brand new Huawei P30 Pro smartphone", I would say they can't be looking for more than one month.

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
      • (Score: 3, Touché) by Anonymous Coward on Wednesday April 24 2019, @06:16AM

        by Anonymous Coward on Wednesday April 24 2019, @06:16AM (#834243)

        Could be worse. Could be Windows 10 Phone. Sending telemetry including keylogging and "pocket pool motion detected" messages to the secret Chinese headquarters in Redmond. Just saying.

      • (Score: 2) by PinkyGigglebrain on Wednesday April 24 2019, @04:52PM

        by PinkyGigglebrain (4458) on Wednesday April 24 2019, @04:52PM (#834403)

        Good point about it being a new phone, guess my mind blanked that out.

        But that would seem to make it even more unlikely when you stop to think about it. Huawei puts out a new phone in the middle of a huge PR storm about them being a tool of the Chinese government and all their gear having some kind of backdoor/rootkit in them and they used obvious plain text DNS lookups to connect to servers in China. The level of stupid on so many levels that it would require boggles the mind.

        Not to say its impossible. I'm still going to wait till this gets confirmed by some other source with a bit more credibility. I'm sure there are a lot of people going through that code bit by bit so it shouldn't be long one way or the other.

        --
        "Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
  • (Score: 3, Touché) by Anonymous Coward on Wednesday April 24 2019, @06:14AM (3 children)

    by Anonymous Coward on Wednesday April 24 2019, @06:14AM (#834242)

    Hey! I want my data to be collected by, targeted ads with that data by, and personal information used against me by an -American- firm.

    • (Score: 5, Informative) by c0lo on Wednesday April 24 2019, @07:13AM

      by c0lo (156) Subscriber Badge on Wednesday April 24 2019, @07:13AM (#834248) Journal

      No worries, Google will satisfy you.
      The Chinese doing the same comes for free.

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 0) by Anonymous Coward on Wednesday April 24 2019, @06:22PM (1 child)

      by Anonymous Coward on Wednesday April 24 2019, @06:22PM (#834440)

      You missed the "Chinese Government servers" part. Or do you think Apple sends queries, Android DNS queries, go to the Department of Homeland Security?

      Nice red herring though...

      • (Score: 0) by Anonymous Coward on Wednesday April 24 2019, @07:22PM

        by Anonymous Coward on Wednesday April 24 2019, @07:22PM (#834466)

        You definitly missed something. Look at other comments. A third party request from baidu.com to the beian.gov.cn (probably a service like the one google provides against malware, which is built into your browser and enabled by default) and the china.com.cn (once I pick english) seems like an even more boring yahoo news.

  • (Score: 5, Informative) by Anonymous Coward on Wednesday April 24 2019, @10:13AM (5 children)

    by Anonymous Coward on Wednesday April 24 2019, @10:13AM (#834278)

    https://github.com/pe3zx/huawei-block-list [github.com]

    The requests to beian.gov.cn were happened during testing, originate from baidu.com.

    Yeah, so dude asked for baidu.com and then that pulled requests from gov.cn website but then he thought "let's do grep for .cn only".... and then we have a non-story story.

    So why even after correction is this still posted here?? no one reads the source anymore?

    • (Score: 0) by Anonymous Coward on Wednesday April 24 2019, @01:01PM (1 child)

      by Anonymous Coward on Wednesday April 24 2019, @01:01PM (#834310)

      .... Fake ... News?

      • (Score: 0) by Anonymous Coward on Wednesday April 24 2019, @05:37PM

        by Anonymous Coward on Wednesday April 24 2019, @05:37PM (#834418)

        To serve as an example of "little nothing Facebook page needs big headline and so publishes incomplete data"?

        That said, if the apology holds (so far it's one facebook entry and one Github entry....) then the summary should be amended.

    • (Score: 1, Insightful) by Anonymous Coward on Wednesday April 24 2019, @03:47PM

      by Anonymous Coward on Wednesday April 24 2019, @03:47PM (#834381)

      So why even after? Because current USAian narrative, silly.

      Does it make a difference if its a gov shillbot or a useful patriot/idiot (i repeat myself) posting this garbage?

    • (Score: 2) by PinkyGigglebrain on Wednesday April 24 2019, @04:54PM

      by PinkyGigglebrain (4458) on Wednesday April 24 2019, @04:54PM (#834405)

      thank you for the update.

      --
      "Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
    • (Score: 0) by Anonymous Coward on Wednesday April 24 2019, @06:25PM

      by Anonymous Coward on Wednesday April 24 2019, @06:25PM (#834442)

      An excellent update. Article should be updated, I agree...

(1)