Captured DNS requests from a Huawei P30 Pro purchased brand new in Thailand



View on Reddit by Eclipsed830

37 thoughts on “Captured DNS requests from a Huawei P30 Pro purchased brand new in Tha…”

  1. Domain names on master.txt are captured DNS requests from Huawei P30 Pro purchased brand new in Thailand. According to ExploitWareLabs, all of these queries were sent to Chinese government-run servers despite the fact that the user had not configured the phone for any Huawei services, such as Huawei ID or any Hi services. beian.gov.cn is managed by China’s Ministry of Public Security. china.com.cn is registered by EJEE Group and operated by the state-run China Internet Information Center.

    Again, we know nothing about the data, if any, that is being transmitted. It’s just something you should know if you own a P30, because you can block these IPs using a service like OpenDNS.

    More info here: https://www.facebook.com/ExWareLabs/photos/a.361854183878462/2296167797113748/?type=3&theater

    (THIS COULD BE NOTHING, I just thought it deserved a share)

    edit:
    Explanation for the existence of beian.gov.cn
    Due to my responsibility for this hobby research to prevent distributing misleading or misunderstanding information, and suggestions made by other researchers to discover more findings or correct me if I did something wrong. As an intention for this research I told everyone in Thai, we couldn’t and shouldn’t make a conclusion in this moment until we can see everything clearly.

    The requests to beian.gov.cn happened during testing and originate from baidu.com. Please see this analysis report for more info

    Timeline
    April 22, 2019: Received a message from Huawei Thailand for supporting. They will try to coordinate with Huawei HQ.
    April 23, 2019:
    Sent more information about an analysis of http://www.beian.gov.cn to Huawei Thailand
    Updated code and lists to support whitelist domain names and exclude false positive domain names
    Updated posts to 2600 Thailand, /r/netsec on the thread and other media
    Huawei Thailand acknowledged new update on false positive

  2. Huawei: We are totally legit and not shady at all.

    Also Huawei: (does this)

    Edit: It appears we’ve been bamboozled. Please read the GitHub page for explanation.

  3. Developer rolled back claims on connection to Chinese gov server:

    >The requests to beian.gov.cn happened during testing and originate from baidu.com. Please see this analysis report for more info

    As far as I know, beian is the equivalent of a Chinese ICANN; almost every website in China touches it on some level, and its purpose looks administrative.

    Anyone with half a brain who did a cursory search on Exploit WareLabs should stumble on this article, which highlights lack of publish rigor from another [expose last year](https://avleonov.com/tag/exploitwarelabs/). Juice:

    >Our research team studied the video and we have several reasons to doubt its authenticity. We’ve conducted a thorough audit over the last 48 hours based on the few details that are in the video and didn’t find anything. We reached out to the researcher and instead of replying he removed the video*. We’ll communicate if indeed there is a risk.

    Use some common sense, people: many security experts, from government-appointed investigators in western countries (including the FIVE EYE members) to private security researchers, have found ZERO technical exploits or software/hardware backdoor connections between Huawei and the Chinese government. They’ve been searching for 10 years and found nothing. There’s accusations of poorly written spaghetti code but that’s only with full access to source code provided by Huawei. Did some Facebook security enthusiast with no other web presence find what governments and industry experts could not, or did they just jump the gun because they’re amateurs? The Huawei security concern is based on potential risk, which is valid, but of course when there’s nothing firm to attack, the only thing left is to smear.

    But that doesn’t matter now, people want to see what they see and the damage is already done.

    Here’s a protip to decipher when an anti-Chinese / Huawei article is bullshit: if it’s published by Falun Gong, Radio Free Asia, Taiwanese websites and does not have widespread cross-dissemination from several prominent media outlets, it’s bullshit.

  4. Any site with a Chinese domain will have a Registration File No. (备案, pinyin: beian) by law. And this number almost always has a link to its document in the government database. Think of this as a Chinese government version of a whois service. Try to visit https://z.cn (Amazon China) and you will see this number at the bottom of the desktop version of the page, to the right of the coat of arms of the Chinese police. Amazon China’s beian number is 11010502030232.

    This link and that small coat of arms will definitely trigger a DNS query, thus it should not be a big thing.

    I’m not saying Huawei is totally clean, just saying that for this case, it should be a false alarm.

  5. Oh come on… beian (备案) literally means registration and beian.gov.cn is the website registration department. If you visit a website in China, you can notice there will always be a link/registration number at the very bottom of the page.

    In the case of Baidu, it’s:
    京ICP证030173号 (Beijing Internet Content Provider No. 030173)
    京公网安备11000002000001号 (Beijing Public Internet Security Registration No. 11000002000001)

    And there is a logo before the last registration number, which is linked to beian.gov.cn
    I think this is the source of the DNS request.

    … Which links to the registration page of Baidu, in this case http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=11000002000001

  6. Do people even read the link before jumping on the hate train?
    The person just updated the GitHub explaining that he was incorrectly filtering requests and the DNS requests were being made while testing baidu.com

    **THE PHONE IS SENDING CHINESE DNS REQUESTS WHILE MANUALLY ACCESSING A CHINESE WEBSITE**

    Being a government domain doesn’t mean anything, just some resource on baidu was requested from that address.

    The other 2 (hicloud and dbankcdn) are owned by Huawei and even if you open the apps just to say that you don’t want to share data, they’ll likely send a request to check the servers are up.

  7. Does changing the OS of a Huawei to, let’s say, LineageOS get rid of this problem? I want a Huawei phone because I don’t want my porn history going to Uncle Sam, but neither to the Chinese government.

  8. I’m wondering – is this any different to what it would look like if you took an Apple or Samsung phone to China and watched it phone back to the US and South Korea...?
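
The false positive discussed in the comments above (a beian.gov.cn lookup caused by a link in the footer of a page opened during testing) can be screened out of a DNS capture before anything is attributed to the device itself. The following is an added example, not the researcher's code: it marks a query as explained when it follows a manual page visit and names a host that page references. The sample HTML, timestamps, `static.example.test` and `constructed.hicloud.com` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class _HostCollector(HTMLParser):
    """Collects hostnames from href/src attributes of a page."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                host = urlparse(value).hostname  # None for relative URLs
                if host:
                    self.hosts.add(host.lower())

def referenced_hosts(html):
    collector = _HostCollector()
    collector.feed(html)
    return collector.hosts

def classify(queries, visits, window=10.0):
    """queries: [(ts, qname)]; visits: [(ts, page_host, html)].
    A query is 'explained' if it names the visited host or a host the page
    references AND falls within `window` seconds after that visit."""
    explained, unexplained = [], []
    for q_ts, qname in queries:
        qname = qname.rstrip(".").lower()
        ok = any(
            0 <= q_ts - v_ts <= window
            and (qname == page_host or qname in referenced_hosts(html))
            for v_ts, page_host, html in visits
        )
        (explained if ok else unexplained).append((q_ts, qname))
    return explained, unexplained

# Constructed sample: footer markup modelled on the link quoted in the thread.
SAMPLE_HTML = '''<div id="footer">
<a href="http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=11000002000001">
<img src="//static.example.test/badge.png"></a></div>'''
SAMPLE_VISITS = [(100.0, "www.baidu.com", SAMPLE_HTML)]
SAMPLE_QUERIES = [
    (100.1, "www.baidu.com."),
    (100.9, "www.beian.gov.cn."),         # follows the manual visit
    (101.0, "static.example.test."),
    (480.0, "www.beian.gov.cn."),         # same name, but no browsing nearby
    (481.0, "constructed.hicloud.com."),  # background query, needs review
]

if __name__ == "__main__":
    for label, rows in zip(("explained", "unexplained"),
                           classify(SAMPLE_QUERIES, SAMPLE_VISITS)):
        print(label, rows)
```

Only hosts present in the static HTML are recognised; names requested by scripts or served from the resolver cache need a browser-level capture to attribute.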
