Yesterday, I connected my MiPad to the internet for the first time and noticed a lot of background downloading happening immediately. This is not supposed to be happening, since I've disabled automatic update checking and am running the latest stable ROM (V7.3.1.0.KXFMIDD) from here. I used the "busybox netstat -at" command to see what's going on and, sure enough, found that the MiPad is downloading lots of data from the IP 42.62.94.2 on the xmpp-client port:
Code:
tcp 0 0 ::ffff:10.42.0.199:39645 ::ffff:74.125.68.188:5228 ESTABLISHED
tcp 1 0 ::ffff:10.42.0.199:35061 ::ffff:216.58.221.46:https CLOSE_WAIT
tcp 1 0 ::ffff:10.42.0.199:40799 ::ffff:216.58.220.1:https CLOSE_WAIT
tcp 1 0 ::ffff:10.42.0.199:37015 ::ffff:216.58.196.193:https CLOSE_WAIT
tcp 38 0 ::ffff:10.42.0.199:55343 ::ffff:52.77.134.112:https CLOSE_WAIT
tcp 0 0 ::ffff:10.42.0.199:48529 ::ffff:42.62.94.2:xmpp-client ESTABLISHED
tcp 38 0 ::ffff:10.42.0.199:43885 ::ffff:52.74.1.172:https CLOSE_WAIT
tcp 0 0 ::ffff:10.42.0.199:45423 ::ffff:172.217.24.238:https ESTABLISHED
tcp 1 0 ::ffff:10.42.0.199:37061 ::ffff:216.58.196.193:https CLOSE_WAIT
tcp 1 0 ::ffff:10.42.0.199:34925 ::ffff:172.217.26.1:https CLOSE_WAIT
tcp 1 0 ::ffff:10.42.0.199:34245 ::ffff:216.58.196.193:https CLOSE_WAIT
tcp 1 0 ::ffff:10.42.0.199:32864 ::ffff:216.58.221.46:https CLOSE_WAIT
tcp 1 0 ::ffff:10.42.0.199:46026 ::ffff:216.58.196.193:https CLOSE_WAIT
tcp 1 0 ::ffff:10.42.0.199:35559 ::ffff:54.169.176.68:xmpp-client CLOSE_WAIT
I did a quick Google search and found that others have found this and suspected a backdoor too. The WHOIS information is traced to a company called WLWM Communication Tech. co. ltd in Haidian District, Beijing. Can some experts here explain what could be going on here?
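A way to turn output like the listing above into something reviewable, as an added example that is not part of the post: the script below parses busybox netstat -at rows, strips the ::ffff: IPv4-mapped prefix, flags remote peers whose port is outside an allowlist of services the reviewer expects on the device, and lists CLOSE_WAIT sockets that still have unread bytes in Recv-Q (the peer closed, the local app has neither read the rest nor closed its side). The sample rows are a constructed subset of the listing, and the allowlist (https and TCP 5228, which Google's push service uses) is my assumption, not anything the post states. One caveat a practitioner should keep in mind: netstat shows socket state and queue sizes, not transfer volume, so a non-zero Recv-Q is evidence of unread data, not of "lots of data" having been downloaded; measuring volume needs packet-level tooling.

```python
from collections import defaultdict

# Constructed sample: a subset of the busybox netstat -at rows quoted in the post.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 ::ffff:10.42.0.199:39645 ::ffff:74.125.68.188:5228 ESTABLISHED
tcp 1 0 ::ffff:10.42.0.199:35061 ::ffff:216.58.221.46:https CLOSE_WAIT
tcp 38 0 ::ffff:10.42.0.199:55343 ::ffff:52.77.134.112:https CLOSE_WAIT
tcp 0 0 ::ffff:10.42.0.199:48529 ::ffff:42.62.94.2:xmpp-client ESTABLISHED
tcp 1 0 ::ffff:10.42.0.199:35559 ::ffff:54.169.176.68:xmpp-client CLOSE_WAIT
"""

# Assumption (reviewer's allowlist, not from the post): plain web traffic and
# TCP 5228, the port Google's push channel uses, are expected on this device.
EXPECTED_PORTS = {"https", "443", "5228"}


def parse_endpoint(endpoint):
    """Split 'addr:port' (optionally with a ::ffff: v4-mapped prefix) into (addr, port).
    The port may be a number or a service name such as 'https' or 'xmpp-client'."""
    if endpoint.startswith("::ffff:"):
        endpoint = endpoint[len("::ffff:"):]
    addr, _, port = endpoint.rpartition(":")
    return addr, port


def parse_netstat(text):
    """Parse busybox netstat -at output into a list of connection dicts, skipping
    the two header lines and any non-TCP rows."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or not parts[0].startswith("tcp"):
            continue
        proto, recvq, sendq, local, remote, state = parts[:6]
        conns.append({
            "proto": proto,
            "recv_q": int(recvq),
            "send_q": int(sendq),
            "local": parse_endpoint(local),
            "remote": parse_endpoint(remote),
            "state": state,
        })
    return conns


def unexpected_peers(conns, expected_ports=EXPECTED_PORTS):
    """Return {remote_addr: [(port, state), ...]} for connections whose remote
    port is not on the allowlist; these are the peers worth looking up."""
    flagged = defaultdict(list)
    for c in conns:
        raddr, rport = c["remote"]
        if rport not in expected_ports:
            flagged[raddr].append((rport, c["state"]))
    return dict(flagged)


def unread_close_wait(conns):
    """(remote_addr, recv_q) for CLOSE_WAIT sockets with unread bytes queued:
    the peer has closed, but the local app has not drained or closed the socket."""
    return [(c["remote"][0], c["recv_q"]) for c in conns
            if c["state"] == "CLOSE_WAIT" and c["recv_q"] > 0]


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    print("Peers on ports outside the allowlist:")
    for addr, hits in unexpected_peers(conns).items():
        print(f"  {addr}: {hits}")
    print("CLOSE_WAIT sockets with unread data:")
    for addr, qlen in unread_close_wait(conns):
        print(f"  {addr}: {qlen} bytes in Recv-Q")
```

On the sample rows this flags 42.62.94.2 and 54.169.176.68 (both on xmpp-client) and reports three CLOSE_WAIT sockets with queued bytes; on a real device, feed it the full `busybox netstat -at` output and tighten the allowlist to what the installed apps are actually expected to talk to.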