Pierluigi Paganini July 03, 2019

Chinese border guards are secretly installing a surveillance app on smartphones of tourists and people crossings in the Xinjiang region who are entering from Kyrgyzstan.

Are you entering in the Xinjiang (China) from Kyrgyzstan? There is something that you need to know, Chinese border guards are secretly installing surveillance software on the mobile devices of tourists and people crossings in the Xinjiang region who are entering from Kyrgyzstan.

The disconcerting news was revealed by a joint investigation conducted by the New York Times, the Guardian, Süddeutsche Zeitung and other outlets. The surveillance software allows operators to spy on victims, accessing emails, text messages, contacts, calendar entries, call records.

“China’s border authorities routinely install the app on smartphones belonging to travelers who enter Xinjiang by land from Central Asia, according to several people interviewed by the journalists who crossed the border recently and requested anonymity to avoid government retaliation. Chinese officials also installed the app on the phone of one of the journalists during a recent border crossing.” reported the New York Times. “Visitors were required to turn over their devices to be allowed into Xinjiang.”

Xinjiang is a provincial-level Chinese autonomous region in the northwest, it spans over 1.6 million km² that host many Muslim ethnic minority groups. China is known to be conducting massive surveillance operations against some of these groups, such as the Muslim Turkic minority Uighurs.

Beijing believes that Uighurs are responsible for Islamic extremism and terrorist attacks on Chinese targets.

The spyware, called Feng Cai (蜂采) or BXAQ, also scans infected Android devices for over 73,000 pre-defined files related to Islamic extremist groups, including ISIS recruitment fliers, bomb-making instructions, and images of executions.

The app can be also installed on Apple devices connecting the phones to a hardware-based device.

Researchers at German cybersecurity firm Cure53 found evidence that the app was developed by a unit of FiberHome, a Chinese telecom manufacturer that is partly owned by the government.

“Names that appear in Fengcai’s source code suggest that the app was made by a unit of FiberHome, a producer of optical cable and telecom equipment that is partly owned by the Chinese state.” continues the NYT. “The unit, Nanjing FiberHome StarrySky Communication Development Company, says on its website that it offers products to help the police collect and analyze data, and that it has signed agreements with security authorities across China.”

At the time of writing it is unclear how the Chinese government uses the collected data.

Pierluigi Paganini

(SecurityAffairs – surveillance app, China)

[adrotate banner=”5″]

[adrotate banner=”13″]