In an audit it published yesterday [PDF] the agency called out Xiaomi’s Mi 10T 5G phone handset firmware for being able to censor terms such as “Free Tibet”, “Long live Taiwan independence” or “democracy movement”.
Defence Deputy Minister Margiris Abukevicius told reporters at the audit’s release: “Our recommendation is to not buy new Chinese phones, and to get rid of those already purchased as fast as reasonably possible.”
Although the censorship setting was disabled for phones sold into the manufacturer’s “European region”, the Lithuanian NCSC said (page 22):
It has been established that during the initialisation of the system applications factory-installed on a Xiaomi Mi 10T device, these applications contact a server in Singapore at the address globalapi.ad.xiaomi.com (IP address 184.108.40.206) and download the JSON file MiAdBlacklistConfig, and save this file in the metadata catalogues of the applications.
That file contained a list of more than 400 terms, including “free Tibet”, “89 Democracy Movement” (a reference to Tiananmen Square) and “long live Taiwan’s independence”.
The local security agency’s 32-page report, titled “Assessment of cybersecurity of mobile devices supporting 5G technology sold in Lithuania”, focused on devices from Xiaomi, Huawei and OnePlus.
“It is believed that this functionality allows a Xiaomi device to perform an analysis of the target multimedia content entering the phone; to search for keywords based on the MiAdBlacklist list received from the server,” said the Lithuanian report.
“Once the device determines that the content contains certain keywords, the device performs filtering of this content and the user cannot see it. The principle of data analysis allows analysis not only of words written in letters; the list that is regularly downloaded from the server can be formed in any language.”
The agency said the censorship could be remotely re-enabled at any time by Xiaomi.