Earlier this week it was reported by the Guardian that parts of the Chinese border force have been installing spyware onto the mobile phones of tourists attempting to cross certain parts of the Chinese border.
An investigation by the Guardian unveiled that the Chinese government’s heavy surveillance of the remote region of Xinjiang, extends beyond the scrutiny of its own population to visitors of the region. It’s been reported that tourists are being targeted when attempting to enter the Xinjiang region from the bordering country, Kyrgyzstan.
China is known to be conducting intensive mass surveillance of residents in the Xinjiang region, mostly Muslim ethnic minority groups.
It’s been reported that when traveling through the border checkpoint, visitors’ phones are taken into another room and everyone is asked to hand over their phone’s passcodes to officials. The phones are held for around an hour until being returned to their owners with no explanation.
Despite the lack of explanation or warning given by border officials, it’s been reported that tourist information in Kyrgyzstan have been warning tourists that something may happen to their phone when crossing over the border.
Although officials aren’t giving anything away at the borders, some of the infected phones have since been analysed to help provide an insight as to what’s really going on.
When an android phone is taken from a visitor at the border, an app is covertly installed onto the smart phone that extracts texts, emails, contacts and information relating to the device itself. In many cases it appears that before returning the phone, the app is then uninstalled. However, some users have discovered the app still on their phone after being reunited with their device. The app used the default android app icon and is named ‘蜂采’. The name of the app doesn’t translate to English directly, but it refers to bees collecting honey.
The process used for iPhones differs slightly. Instead of an app being installed on the phone, the device is taken and connected to a reader that scans the phone to retrieve the same information as the app on the android devices.
At the moment it’s unclear where all of the extracted information is stored and how long for.
This kind of threat is something that QCC has been warning clients of for over ten years. The threat level is ever increasing as the installation of spyware and mass surveillance becomes more common.