Skip to main content

Security flaws found in Xiaomi mobile apps

(Image credit: Image Credit: Flickr / keso s)

Just a few days back we reported that some of Huawei’s laptops came with latent malware on pre-installed software, and now we’re getting similar reports for another Chinese-based hardware giant.

This time, however, it’s Xiaomi, one of China’s biggest smartphone manufacturers.

As with a vast majority of smartphones, Xiaomi’s come with what’s known as ‘bloatware’ – preinstalled apps designed for different uses. One of the apps came with a vulnerability that would allow malicious actors to perform a man-in-the-middle attack, inject malicious code into virtually any device in order to track it, syphon passwords, payment data and private information, or literally anything else.

To make the irony even greater, the bloatware app in question is called ‘Guard Provider’, Xiaomi’s form of antivirus whose goal was to protect the phone from malware.

The news was first reported by security researchers from Check Point Research. It says Guard Provider uses multiple third-party SDKs, for device protection, clearing and boosting. It also comes with three separate antivirus brands that users can choose from: Avast, AVL and Tencent.  

Check Point Research claims that it would be enough for a hacker to connect to the same Wi-Fi attack as the victim in order to carry out the man-in-the-middle attack.

Xiaomi was informed on the flaw and it quickly issued a fix.

Image Credit: Flickr / keso s

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.