TAIPEI (Taiwan News) -- After news broke that a Huawei P30 Pro was apparently querying servers in China, a Canadian IT engineer who lives in Taiwan says he has discovered that his Huawei Mediapad M5 is spying on him through several apps.
The engineer, who is skilled in computers, cellphones, and data networks, told Taiwan News that whenever he buys a new cellphone, he always installs a noroot firewall application to block unwanted snooping. After installing the firewall program on his newly purchased Huawei Mediapad M5, he found that Huawei was using his device to snoop on his activities and would not allow him to disable the offending apps.
The man said that he purchased the Huawei Mediapad M5 tablet/smartphone about six months ago, and it is the 8.1" sized model. He said that he had mainly used the firewall program to identify apps that were running in the background so he could disable them to save battery power.
He soon discovered several applications running in the background on his Huawei device that are sending data to China, but he never authorized them to do so. Despite the fact that he opted to disable them, the apps are still running in the background and he says he no longer has access to them.
The engineer said that many of the Huawei apps are recording activity and then sending it back to servers in China. He said the apps are sending information such as where he is browsing and login details, including usernames and passwords.
As he does not carry out internet banking on the device, he is not sure if the apps would monitor financial transactions. He claims that he never signed up for Huawei services and he deleted his account the first week he bought the tablet.
The engineer said that most of the software pre-installed on his Huawei device is sending data to an organization in China called Shanghai Dnion Information Technology Co, Ltd, which is located at Rm.531, Floor 5, North Third Ring Road, No.27, Shangfang Building, Beijing. He said that a lot of data often also passes through a cloud server Huawei uses in Singapore to bypass the Great Firewall of China.
He said that the following applications are "running 100 percent of the time." Despite the fact that he keeps turning them off, they keep restarting by themselves, and some are even disabled, but still work hidden in the background.
- Captive Portal Login
- com.android.partnetbrowsercustomization.tmobile (T-Mobile won a case against Huawei for the use of the T-Mobile android scripts)
- Huawei share
- Huawei search index and services
- Huawei intelligent recording system
- Exchange Services
- Fused Location
- Google Backup Services
- Google Play Services
- Google Services Framework
- Package installer
- Print spooler (why is this running when not using any printer)
- Push services
- System update
Europe’s biggest phone company identified hidden backdoors in the software that could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy, a system that provides internet service to millions of homes and businesses, according to Vodafone’s security briefing documents from 2009 and 2011 seen by Bloomberg, as well as people involved in the situation.
The following are IP addresses that the apps are sending queries to behind the scenes:
System (Most system apps are the above Huawei apps)
184.108.40.206:443 Hubei Bureau of Statistics
220.127.116.11:443 China Science and Technology Network
18.104.22.168:443 Amazon Data Services Singapore
22.214.171.124:443 Amazon Technologies Inc.
126.96.36.199:443 Amazon Data Services Singapore
188.8.131.52:443 Amazon Data Services Singapore
184.108.40.206:5222 Amazon Technologies Inc.
220.127.116.11:5222 Amazon Technologies Inc.
18.104.22.168 Alisoft Computing Co. Ltd.
22.214.171.124:443 Amazon Technologies Inc.
126.96.36.199:443 Amazon Data Services Ireland Limited
Huawei Mobile services
188.8.131.52:5222 Amazon Data Services Singapore
184.108.40.206:443 Shanghai Dnion Information Technology Co,Ltd
220.127.116.11:443 Amazon Data Services Singapore
18.104.22.168:443 Amazon Data Services Singapore
22.214.171.124:443 Amazon Data Services Singapore
126.96.36.199:443 Strangely, this one is going to Facebook
He said that whenever he starts any program or turns on the LTE data, the programs automatically send data to an Amazon server. The Huawei software update app constantly tries to connect, but is blocked by his firewall.
One thing that confused him was that the huawei.com domain goes to China, while www.huawei.com goes to the US. It made him suspect that the U.S. government and Huawei could be sharing information between themselves, and also sharing the data with Google and Facebook.
The following are the two IP addresses where Huawei is sending data to the U.S. and China:
188.8.131.52 - Huawei USA
184.108.40.206 - 220.127.116.11 - Huawei, Shenzhen China
He said that when he enables 4G in Taiwan, all the Huawei apps, including camera, gallery, and files send out data queries. Some apparently bypass Singapore and go straight to the Chinese IP addresses.
In addition to Huawei servers, he said that applications on his phone are also trying to send data to Google and Facebook. He said he always uses a browser to check emails and an encrypted password manager.
Given the limited way he is using his phone, he says there should be no need to send data to Huawei, Google, or Facebook. Given all the applications secretly sending all sorts of data, he now thinks it might be a good idea to reset the cellphone and only use it for non-sensitive information.
The Facebook page ExploitWareLabs at 5:32 p.m. on Sunday uploaded a post which included a list of DNS (Domain Name System) queries being delivered behind the scenes from a new Huawei P30 Pro. A DNS query (also known as a DNS request) is a demand for information sent from a user's computer (DNS client) to a DNS server.
Screenshot showing HwIntelligentRec-System still running in background.
Screenshot showing hiview still running in background.