The security application that ships on Xiaomi smartphones allowed attackers to intercept its connection to steal data or install malware, according to researchers at the security firm Check Point.
WARNING! Xiaomi Smartphones Have Security Flaw In This Security App
The flaw was present in Guard Provider, the security app found by default on smartphones with MIUI, so you cannot easily remove it. However, the problem has now been fixed.
The loophole is relatively simple: Guard Provider downloaded its updates through an unencrypted HTTP connection. That made it vulnerable to man-in-the-middle attacks, where an attacker could inject code to “steal data, send ransomware, or install any other malware,” as Check Point said.
The researchers notified Xiaomi about the problem, and the manufacturer has already released a patch. “Xiaomi is aware of this and has already worked with our partner Avast to fix it,” a company spokeswoman told CNET.
Security flaws in Guard Provider (com.miui.guardprovider) can be more severe because it comes preinstalled by default and cannot be easily removed, as noted earlier.
A thread on the XDA Developers forum about the Pocophone F1 explains how to remove bloatware from the device and lists a series of preinstalled apps. One user suggests including the Guard Provider in the list, but another person warns: “After uninstalling the MIUI (Guard Provider) security components, I can not install any application manually.”
How the attack worked on Xiaomi smartphones
The Guard Provider includes three antivirus engines: the user can choose between Avast, AVL, and Tencent by default. The application then periodically updates its virus database by downloading the avast-android-VPS-v4-release.apk file, Check Point explains.
However, the update engine used an unprotected HTTP connection to download this file. An attacker could therefore easily perform a man-in-the-middle attack by connecting to the same Wi-Fi network and sending a file of their own. Not only that, but the attacker could also prevent future Avast updates.
This was also possible if the user switched the antivirus engine to AVL, as the attacker could easily block the communication of the device with the AVL servers, forcing the user to choose Avast again.
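The check a hardened update engine would apply before accepting such a file, as an added Python sketch that is not Xiaomi's, Avast's or Check Point's code: it refuses cleartext URLs and compares the download against a SHA-256 digest. It assumes the pinned digest reaches the device over an authenticated channel; the host name, the byte strings and all function names are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

class UpdateRejected(Exception):
    """The downloaded file must not be handed to the installer."""

def verify_update(url: str, payload: bytes, pinned_sha256: str) -> bytes:
    """Return payload only if it came over HTTPS and matches the pinned digest."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise UpdateRejected(f"cleartext or malformed URL: {url!r}")
    actual = hashlib.sha256(payload).hexdigest()
    # Constant-time comparison of the two hex strings.
    if not hmac.compare_digest(actual, pinned_sha256.lower()):
        raise UpdateRejected("digest mismatch: file differs from the pinned release")
    return payload

def try_update(url: str, payload: bytes, pinned_sha256: str) -> str:
    """Fail closed: on any doubt keep the current database and report why."""
    try:
        verify_update(url, payload, pinned_sha256)
        return "install"
    except UpdateRejected as exc:
        return f"reject: {exc}"

# Constructed sample data; the host is a placeholder and the bytes are stand-ins.
NAME = "avast-android-VPS-v4-release.apk"
HOST = "updates.example.invalid"
GENUINE = b"constructed stand-in for the vendor's update file"
SWAPPED = b"constructed stand-in for a file substituted on the network path"
PINNED = hashlib.sha256(GENUINE).hexdigest()

if __name__ == "__main__":
    cases = [
        ("https, genuine file", f"https://{HOST}/{NAME}", GENUINE),
        ("http, genuine file", f"http://{HOST}/{NAME}", GENUINE),
        ("https, swapped file", f"https://{HOST}/{NAME}", SWAPPED),
    ]
    for label, url, body in cases:
        print(f"{label:22} -> {try_update(url, body, PINNED)}")
```

Rejecting the file leaves the existing virus database in place, so a failed check should be surfaced to the user or logged rather than silently retried.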
“When multiple SDKs are deployed in the same app, likely, critical vulnerabilities are not far apart,” the researchers said. Check Point also criticizes the use of different SDKs in the same application, as they may have security holes that are individually small but can interact with each other.