Millions of Xiaomi devices have a pre-installed program with a security vulnerability

Share
  • 2
  •  
  •  
  • 2
  •  
  • 4
  •  
  •  
    8
    Shares

Everyone wants his smartphone to be safe. We avoid suspicious websites and links, we do not download anything from the web, we install various types of programs that protect us against threats and generally we do what we can. However, security is not always up to us. Xiaomi, also wanting to protect its customers, pre-installs on smartphones an application to scan the device for viruses.

Xiaomi phone
Xiaomi phone

Guard Provider uses Avast, AVL and Tencent scanners to detect potential malware and protect users’ devices and data. Unfortunately, there is one problem – the update mechanism. Researchers from Check Point have discovered a very dangerous vulnerability in the application. It turns out that it uses an unprotected HTTP connection when downloading updates.

Okay, but what does that mean? The fact that a skilled hacker can use Avast Update APK and upload malware to the Xiaomi phone by carrying out a man-in-the-middle (MITM) attack. The only requirement here is to connect to the same Wi-Fi network.

Cybercriminals can use MITM attacks to implement ransomware or capture data from an application (for example banking). They can even learn the name of the correct update file so that their software does not look suspicious.

The problem in this case is that Xiaomi pre-installs the Guard Provider on all of your smartphones. This means that the vulnerability threatens millions of devices. Fortunately, Xiaomi already knows about the problem and works with Avast to eliminate it as quickly as possible. Until then, however, you have to be careful. If you have a smartphone from Xiaomi, avoid connecting to public Wi-Fi networks. This is the easiest way for hackers who want to infect your device.

Best Free Antivirus Rank < – Check list of the best free antivirus-es on the market !

Comments