WARNING! Xiaomi Smartphones Have Security Flaw In This Security App
Xiaomi’s security application allowed attackers to intercept its connection to steal data or install malware, according to researchers at the security firm Check Point.
The flaw was in Guard Provider, a security app that ships by default on smartphones running MIUI and cannot be easily removed. The problem has since been fixed.
The loophole was relatively simple: Guard Provider downloaded its updates through an unencrypted HTTP connection. That left it vulnerable to man-in-the-middle attacks, in which an attacker could inject code to “steal data, send ransomware, or install any other malware,” as Check Point said in a statement.
The researchers notified Xiaomi about the problem, and the manufacturer has already released a patch. “Xiaomi is aware of this and has already worked with our partner Avast to fix it,” a company spokeswoman told CNET.
Security flaws in Guard Provider (com.miui.guardprovider) can be more severe because the app comes pre-installed by default and cannot be easily removed, as noted earlier.
A thread on the XDA Developers forum about the Pocophone F1 explains how to remove bloatware from the device via root, listing a series of preinstalled apps. One user suggests including Guard Provider in the list, but another person warns: “After uninstalling the MIUI (Guard Provider) security components, I can not install any application manually.”
How the attack worked on Xiaomi smartphones
Guard Provider includes three different antivirus engines: the user can choose between Avast, AVL, and Tencent by default. The application then periodically updates its virus database by downloading the avast-android-vps-v4-release.apk file, Check Point explains.
However, the update engine used an unprotected HTTP connection to download this file. An attacker could therefore perform a man-in-the-middle attack by connecting to the same Wi-Fi network and sending a file of their own, and could also prevent future Avast updates.
This was also possible if the user switched the antivirus engine to AVL, as the attacker could easily block the communication of the device with the AVL servers, forcing the user to choose Avast again.
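The update download described above, modelled as an added example (not Guard Provider's code or Check Point's) that contrasts accepting whatever arrives over HTTP with requiring HTTPS and checking the file against a trusted digest. The host name, the sample payloads and the idea that the vendor distributes a SHA-256 digest through a trusted channel are assumptions; the network is simulated so the block runs offline.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed sample data standing in for the real update file and a swapped one.
GENUINE = b"constructed genuine update payload"
TAMPERED = b"constructed payload substituted in transit"
# Assumption: the vendor ships this digest through a trusted channel
# (for example pinned in the app or in a signed manifest).
EXPECTED_SHA256 = hashlib.sha256(GENUINE).hexdigest()


class UpdateRejected(Exception):
    """Raised when an update fails a transport or integrity check."""


def fetch(url, tampered_in_transit=False):
    """Simulated download. Plaintext HTTP has no integrity protection, so the
    body can be replaced on the network path; validated HTTPS is modelled as
    delivering the genuine bytes."""
    if urlsplit(url).scheme.lower() == "http" and tampered_in_transit:
        return TAMPERED
    return GENUINE


def naive_update(url, tampered_in_transit=False):
    """The behaviour the article describes: use whatever bytes arrive."""
    return fetch(url, tampered_in_transit)


def verify_payload(body, expected_sha256):
    """Reject any payload whose SHA-256 differs from the trusted digest."""
    actual = hashlib.sha256(body).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256):
        raise UpdateRejected("digest mismatch: update discarded")
    return body


def hardened_update(url, expected_sha256, tampered_in_transit=False):
    """Require HTTPS, then verify integrity before the file is used."""
    if urlsplit(url).scheme.lower() != "https":
        raise UpdateRejected("refusing update over non-HTTPS URL")
    return verify_payload(fetch(url, tampered_in_transit), expected_sha256)


# Hypothetical host; the file name is the one the article mentions.
HTTP_URL = "http://updates.example.invalid/avast-android-vps-v4-release.apk"
HTTPS_URL = "https://updates.example.invalid/avast-android-vps-v4-release.apk"
```

The digest check is kept separate from the scheme check so that a substituted file is still discarded if the transport protection ever fails.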
Check Point also criticizes the use of different SDKs in the same application, as they may have security holes that are individually small but can interact with each other. “When multiple SDKs are deployed in the same app, it’s likely that even more critical vulnerabilities are not far apart,” the researchers said.