chinese smartphone security issues?
 

hi,

Im thinking of buying a new large screen smartphone. There are chinese devices which are well speced and sell for about half of name brands.

Im less concerned with build quality since an android phone is probably useful for 2-3 years, assuming one wants to keep up with pace. so presumably these phones will last for 3 years or so.

my main concern is with security. there have been news about chinese telecom hw which was claimed to be used for gathering data illegally.
how likely is it these phones have a malicious rom which will be gathering sensitive info and sending it off to a third party?

or am I being paranoid?

TIA

You are being paranoid.

If it makes you feel any better, the Chinese will probably have less access to your sensitive info than the Americans :D

I would be wary of any Chinese HW, but that's just me.

There have been more than a few Chinese companies who have created products with spying measures baked in.

One example: http://en.wikipedia.org/wiki/Huawei#Security_concerns

But the difference is that the NSA isn't in the business of stealing your company's intellectual property and using it to make Chinese knock offs. :)

Oh please - chances are 95% of all the electronics in your home were made in China. Again, given the recent leaks about US intelligence, I think Chinese made hardware with a backdoor is the least of your worries. Why tap on your phone, when they can just pick it up off the fiber from your ISP or mobile operator.

I personally only buy Chinese branded phones, computers etc. - besides getting "more bang for the buck" - the chance that the NSA (and the other various spy organisations from the US of A) has managed to tap them is just much smaller than from the western companies, where usually the companies will even get paid by the NSA to include their spy software..

Yeah, the difference is that the NSA is in the business of stealing your company's intellectual property and using to to make American knock offs.

Somehow not that big of a difference, is it..

And yes, that's what Echolon&Co have existed for half a century now.. it's wide-known knowledge..

Indeed. And the Chinese government isn't anywhere as close to getting such widespread international cooperation in maintaining and further building up a global electronic communication surveillance infrastructure to spy on the majority of people in the world as the Team US-UK has gotten.

Even the "American" smarthphones are made in China. Waiting to see when the Chinese-made iPhones are going to get ditched by all US government agencies. :D

Yes, but the obvious difference when you buy an American product that's made in China, is that the product is overseen and managed by a non-Chinese vendor.

No, they can't tap my internet, because my important traffic is encrypted, FT not so much.

Exactly what intellectual property rights has the NSA used to create knock off products...I can't wait to hear this one...

Yes, *Echelon* has been well known for decades. Thanks for the late breaking news.

That you know of. Perhaps they're smart enough not to give sysadmin access to a poorly vetted contractor...

Since when are allegations taken as fact?

Beyond that, the primary concern is that the Chinese government could disable communication systems as part of an information warfare campaign against the US, not them snooping on your personal information akin to the NSA.

Give me the savings from Chinese-built hardware any day in exchange for the off-chance they want to snoop on my FT posting habits and FB wall updates.

Smart or not, they haven't been in a position to do the same or more; and still they are not in a position to do so.

Good luck buying "American" retail consumer technology that has nothing made in China and is near anywhere as cheap as it is. If the concern is government spying, it makes more sense to be concerned about the infrastructure surveillance on the back-end being done by a more established global cooperative like that put together by Team US-UK.

They are in a position to do so. They have cyber armies that work on this non stop. They may not have the hardware that the US has, but they have the people. If you really think the internet is free in China and they aren't using vast resources to spy (infect) others, you're only fooling yourself.

Personally, I'm not concerned about gov't spying. I'm not the target they're looking for.

For the buying American (but made in China) comment, do read my above posts on the issue.

My point for the OP is that the Chinese, for better or worse, don't play by the same rules as others.

No, they are not. Have you paid attention to how international electronic communications are routed and where the bottlenecks tend to be? Those bottlenecks are where communications are most easily monitored and the Chinese government is, relative to the US and UK, in a pretty lousy position to get local cooperation or willful "ignorance" where the bulk of those bottlenecks are.

Not news to me, as I'm neither fool nor fooling myself.

It doesn't matter for whom government is looking. After looking enough, most everyone can be prosecuted for something or be placed into a position to be threatened to do the government's bidding in such a way as to get prosecuted for it.

I did, and the suggestion about vendor oversight by a company doesn't change much of anything. If it did, did you think that the US would be backing Softbank and making sure some Chinese companies weren't suppliers to US comm. service providers in the DC area even when the vendor would be "American" or an American-favored-foreign-government-partner's company? ;)

Non-Chinese vendors, like Chinese vendors, have an interest in not being known as willfully putting in backdoors for government spying. Whether or not they can act on those interests, well that depends. Fortunately there are some whistleblowers from time to time and place to place that then get some of those vendors to sort of reveal that they have cooperated with the government's warrantless surveillance of massive numbers of people in and beyond the US. ;)

They play by questionable rules much as the US Government does; the PRC however does it without the global surveillance infrastructure and related connections in place that Team US-UK have managed to exploit.

http://news.yahoo.com/us-conducted-2...153300444.html