Written by Kedi Kebba @kedikebba for Techjaja Youblogs
In my earlier post, I talked about hacking using your android device. How about people who hack into your device, have you thought about it? If No, then you should, if yes, up to what extent do you know that you are not secure. Our devices are constantly sending data back to some servers without our notice. This is a big breach to one’s privacy. Forget the NASA stories, this has dug down to specific devices. It has been reported that Sony devices are constantly sending data to some servers in China without the owner’s consent, a few HTC variants and surprisingly the OnePlus One and the Xiaomi [Also called “The new kids on the Block”]
An article made from support forum of the Sony has raised attention on the security of the Sony Xperia mobile. Elbird, a Sony smartphone users complaining about the secret Baidu backdoor that is created automatically on all Sony Xperia devices. User claim that a ‘Baidu’ folder will be created on the Android KitKat 4.4.4 run build 10.5.1.A.0.283 in internal storage, and send all the users’ data to the China based server.
Once Android 4.4.2 or 4.4.4 KitKat firmware installed on the Sony device, a Baidu named folder is created automatically without the prior notice of the owner. After the folder is created, it relays the entire content as well as your communications, chats, video chats etc. and sends all the data to the China server.
What Baidu can Do?
Elbird noted that via Baidu folder Chinese government can-
• Read status and identity of your device
• Make pictures and videos without your knowledge
• Get your exact location
• Read the contents of your USB memory
• Read or edit accounts
• Change security settings
• Completely manage your network access
• Couple with bluetooth devices
• Know what apps you are using
• Prevent your device from entering sleep mode
• Change audio settings
• Change system settings
Another Sony user sleepyheads have also noted the same issue on reddit also.
“Just unpacked my Sony Z3 compact, haven’t installed a single app and its connecting to China. I am not so concerned about the folder itself but my phone now has a constant connection to an IP address in Beijing which I am not too happy about.” [Reddit User]
Sleepyhead claims that the MyXperia feature in the Sony Xperia series on smartphones and tablets is activated automatically and then connects to some Chinese site without his permission.
According to the reports, affected devices include the new Sony Xperia Z3 and Z3 Compact, and several users from the Reddit community have also reported about the presence of this folder on their mobile phones, too — and not necessarily phones made by Sony. One owns an HTC One M7, another an HTC One X, a few others own the OnePlus One.
Proof of Baidu Spyware
For proof of his claims[Reddit User] he had posted the two images which shows that device is making connection with the china server. See below
Worst part is that users can’t delete the Baidu folder, if someone tries to remove it, it instantly reappears.
Sony’s Response
After the claims of the users company noted they have recognized the issue and has said that in the next release the problem will be fixed. Until then if you are worried about your data to be send by Baidu folder, you can follow the below steps to fix the issue.
Preventing/ Disable Baidu folder.
1. Backup your important data and factory reset the device.
2. Turn on the device and go to Settings -> Apps -> Running and Force stop both “MyXperia” apps.
3. Then remove the Baidu folder using File Kommander app.
4. Go to Settings -> About Phone -> Click 7 times on the Build Number to enable developer mode.
5. Download or Install the Android SDK on your computer and then connect the Sony device to it using USB cable.
6. Run the adb tool terminal : adb shell
7. In adb shell, type the command: pm block com.sonymobile.mx.android
8. Exit adb shell
9. Reboot the device.
Similarly, Chinese smartphone manufacturer Xiaomi has been called out for spying on personal user data using their smartphones. According to F-Secure Xiaomi Smartphones were sending user data back to the servers based in China.
Note- Do all the above steps at your own risk as this page doesn’t incur any responsibility as a result of damaging your device.
