Security flaws found in Xiaomi mobile apps

(Image credit: Flickr / keso s)

Just a few days back we reported that some of Huawei’s laptops came with latent malware on pre-installed software, and now we’re getting similar reports about another China-based hardware giant.

This time, however, it’s Xiaomi, one of China’s biggest smartphone manufacturers.

As with the vast majority of smartphones, Xiaomi’s phones come with what’s known as ‘bloatware’ – preinstalled apps designed for different uses. One of the apps came with a vulnerability that would allow malicious actors to perform a man-in-the-middle attack, inject malicious code into virtually any device in order to track it, syphon passwords, payment data and private information, or literally anything else.

To make the irony even greater, the bloatware app in question is called ‘Guard Provider’, Xiaomi’s form of antivirus whose goal was to protect the phone from malware.

The news was first reported by security researchers from Check Point Research, who say Guard Provider uses multiple third-party SDKs for device protection, clearing and boosting. It also comes with three separate antivirus brands that users can choose from: Avast, AVL and Tencent.

Check Point Research claims that it would be enough for a hacker to connect to the same Wi-Fi network as the victim in order to carry out the man-in-the-middle attack.

Xiaomi was informed of the flaw and quickly issued a fix.
