Security app on Xiaomi phones found to be vulnerable; company issues patch

Image Credit: Geralt / Pixabay (Image credit: Image Credit: Geralt / Pixabay)

Xiaomi phones with pre-installed Security app were found to be vulnerable to cyber attacks. The company is one of the largest mobile phones manufacturers in the world and the security flaw could have enabled attackers to access the incoming traffic via Guard Provider app. This flaw was discovered by Israeli cyber-security company, Check Point followed by which Xiaomi has issued a patch.

If this flaw would have been left unattended, it would have provided access to cyber-criminals to abuse this vulnerability and remotely control the phone or even steal user's data. In the report by Check Point, it was discovered that the default antivirus app Guard Provider uses three different services- Avast, AVL and Tencent. The codes for these services use unique Software Development Kits (SDKs) which has been found to be the root cause of the problem.

Interestingly, the coding libraries of Avast and AVL left open a way for anyone to run malicious code on Xiaomi smartphones, intercepting unencrypted traffic. This is known as the Man-in-the-Middle attack and often puts user data at risk.

The report also perfectly proves that the use of multiple SDKs on a single app can develop into security flaws that might put the user at even more risk. Moreover, these SDKs itself are full of bugs in the first place and can combine to mutate into a bigger vulnerability.

via ZDNet

Siddharth Chauhan
  • Siddharth Chauhan is the Consumer Technology Reporter at Digit India. He used to work as an Assistant Editor at TechRadar India
Latest in Websites & Apps
Quordle on a smartphone held in a hand
Quordle hints and answers for Friday, March 28 (game #1159)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Friday, March 28 (game #390)
Google Maps on a phone being held in someone's hand
Google Maps is getting two key upgrades, for easier route planning and quicker access to Gemini AI
Quordle on a smartphone held in a hand
Quordle hints and answers for Thursday, March 27 (game #1158)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Thursday, March 27 (game #389)
Quordle on a smartphone held in a hand
Quordle hints and answers for Wednesday, March 26 (game #1157)
Latest in News
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app announced, available today on iOS and Android devices – and here's what it does
Nintendo Virtual Game Card
Nintendo reveals the new Virtual Game Card feature, an easier way to manage your digital Switch games
Nintendo Switch 2
The Nintendo Switch 2 pre-order date has seemingly been confirmed by Best Buy Canada – here's when you'll be able to order yours
Person printing
Microsoft’s latest Windows 11 update exorcises possessed printers that spewed out pages of random characters
Pro-Ject A1.2 in black, playing a vinyl record in a hi-fi listening room
Pro-Ject's new fully-automatic turntable could be the buy of Record Store Day 2025
Intergalactic: The Heretic Prophet
Intergalactic: The Heretic Prophet reportedly won't release until after 2026, as Neil Druckmann says that staff 'are playing it at the office' right now - but I don't think I can wait that long