‘Security’ app on Xiaomi phones has dangerous security flaw: Check Point

Main Image
  • Like
  • Comment
  • Share

Xiaomi has sold millions of smartphones in India in the past few years and has even managed to attain number one smartphone brand slot for straight 6 quarters, as per IDC reports. At the time when there is a tremendous demand for Xiaomi phones in India, a new report on a possible flaw in pre-installed default ‘Security’ app has been published by Israeli cyber-security research firm.

The cybersecurity firm Check Point recently discovered a flaw in a pre-installed app that was meant to detect and protect Xiaomi phones from malware attacks in the first place.

The report explains the security flaw in full details. According to the Check Point report, the traffic to and from ‘Guard Provider’ (com.miui.guardprovider) is not encrypted which leaves a potential to carry out a Man-in-the-Middle (MiTM) attack when connected to the same network.

The research firm identified the integration of Xiaomi’s pre-installed app uses three different third-party Software Development Kits namely Avast, AVL and Tencent. Out of the three Avast and AVL are antivirus protection while Tencent SDK cleans and boosts phones performance.

ALSO READ: Samsung Galaxy A20 is a subdued Galaxy A30 sibling priced at Rs. 12,490

The cause of potential threat here is that all three apps are bundled together, therefore, they all share the same app permissions. The disadvantage of it is that if one SDK update is injected with a rogue code it could impact an attack on the other two SDKs as well.

The vulnerability has limited impact and should be fixed in a future update. But still, any attack based on this flaw could result in compromised inbound and outbound internet traffic. Lack of encryption also means an attacker could effectively gain control over the victim’s phone. Xiaomi is yet to release a statement on this issue. Once Xiaomi puts out a statement in public we will add it to this report.

Deepak RajawatDeepak Rajawat
Experienced technology journalist with over 7-years of experience. Before embracing online journalism, he has worked with several legacy publications including print editions at Hindustan Times and The Statesman. He also has a keen interest in Sports, which he used to cover with equal enthusiasm in his early career.

Related Articles

ImageOnePlus Open Foldable smartphone to Launch on October 19th

OnePlus enthusiasts, mark your calendars for October 19th! After months of anticipation and rumors surrounding its first-ever foldable smartphone, OnePlus has finally confirmed the official launch is happening soon. The device was initially supposed to debut on August 29th, but due to last-minute design changes delayed the launch leaving tech enthusiasts waiting longer for the …

ImageXiaomi phones to be thrown away says Lithuania Defence Ministry; Company Dismisses Content censoring Allegations

In recent research conducted by Lithuania Defence Ministry, Xiaomi phones have been found to have built-in censorship capabilities. The National Cyber Security Centre of Lithuania claims that Mi 10T 5G’s inbuilt capability had been found turned off for the European Union Region but could be turned on anytime they wanted. Following this, the Lithuania ministry …

ImageIndia Bans Mi Browser Pro over data privacy concerns

The government of India has been gunning for Chinese apps ever since the Indo-china clash in the Ladakh region. Since then the Indian government has banned 59 Chinese apps followed by 47 more apps. Today, the Modi government has slapped a ban on Xiaomi’s Mi Browser Pro app in the country. The government points to …

ImageXiaomi is working on ‘Mix Flip’, a flip-style foldable phone

After Samsung, Huawei, Oppo, and a few other brands, Xiaomi has been successfully launching its foldable phones (Mix Fold 3) for some time now. Unlike other OEMs, the Chinese brand has been away from launching a flip-style phone (also dubbed as small fold), however, things might change soon. Xiaomi currently has the sixth-largest share in …

ImageGoogle Introduces Extensions, Double-Check Button For Bard

Google has announced a slew of updates for Bard, the company’s AI chatbot. The new features include better connectivity with Google apps and services, the ability to double-check responses and continue someone else’s chat, and the availability of the chatbot in more than 40 languages. Here’s everything new with Google’s Bard. Integration With Google Apps …


Be the first to leave a comment.