Breaking News

G.SKILL Announces T5 Neo Series DDR5-6400 CL38 512GB (64GBx8) Overclocked R-DIMM Memory Kit with AMD EXPO Support for AMD Ryzen Threadripper PRO Workstations ZOTAC to Launch GeForce RTX 5090 ARCTICSTORM AIO & GeForce RTX 5060 Low Profile KIOXIA Commences Sample Shipments of 9th Generation BiCS FLASH 512Gb TLC Devices Synology Unveils DiskStation DS225 Plus New PS5 system update beta previews DualSense wireless controller pairing across multiple devices

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Researchers Found Vulnerability in Xiaomi's Pre-installed Security App

Researchers Found Vulnerability in Xiaomi's Pre-installed Security App

Smartphones Apr 4,2019 0

Check Point Research recently discovered a vulnerability in one of the preinstalled apps in one of the world’s biggest mobile vendors, Xiaomi, which, with almost 8% market share in 2018, ranks third in the mobile phone market.

Ironically, it was the pre-installed security app, ‘Guard Provider’, which should protect the phone from malware, which exposes the user to an attack.

Briefly put, due to the unsecured nature of the network traffic to and from Guard Provider and the use of multiple SDKs within the same app, a threat actor could connect to the same Wi-Fi network as the victim and carry out a Man-in-the-Middle (MiTM) attack. Due to gaps in communication between the multiple SDKs, the attacker could then inject any rogue code he chooses such as password stealing, ransomware, tracking or any other kind of malware.

Like all pre-installed applications like Guard Provider, these kinds of apps are present on all mobile devices out-of-the-box and cannot be deleted. Check Point disclosed this vulnerability to Xiaomi, which released a patch shortly after.

A software development kit (SDK) is a set of programming tools to help developers create apps for a specific platform. In the case of mobile devices, mobile SDKs have helped developers by removing the need to spend time writing code and developing back-end stability for functionalities unrelated to the core of their app.

But as more and more third party code is added to the app, the effort around keeping its production environment stable, protecting user data and controlling the performance gets much more complicated.

Tags: XiaomibugssmartphonesSecurity
Previous Post
Samsung Collaborates with Universal Pictures Home Entertainment on HDR10+ Content
Next Post
WhatsApp Business App Coming to the iPhone

Related Posts

  • Xiaomi Introduces Redmi A5

  • Xiaomi Showcases Connected Intelligence at MWC 2025

  • Leica Camera AG and Xiaomi Present the Xiaomi 15 Series

  • Xiaomi SU7 Ultra Officially Opens Sale with a Starting Price of RMB 529,900

  • Xiaomi and Leica announce Xiaomi 14T and Mix Flip series with Leica optics

  • Redmi Note 13 Series Expands with New Olive Green Redmi Note 13 Pro 5G

  • Introducing Redmi 13: 108MP Camera Paired with Fun Features to Unleash Your Creativity

  • Introducing Redmi Pad Pro: Elevating entertainment with immersive display and seamless performance

Latest News

G.SKILL Announces T5 Neo Series DDR5-6400 CL38 512GB (64GBx8) Overclocked R-DIMM Memory Kit with AMD EXPO Support for AMD Ryzen Threadripper PRO Workstations
PC components

G.SKILL Announces T5 Neo Series DDR5-6400 CL38 512GB (64GBx8) Overclocked R-DIMM Memory Kit with AMD EXPO Support for AMD Ryzen Threadripper PRO Workstations

ZOTAC to Launch GeForce RTX 5090 ARCTICSTORM AIO & GeForce RTX 5060 Low Profile
GPUs

ZOTAC to Launch GeForce RTX 5090 ARCTICSTORM AIO & GeForce RTX 5060 Low Profile

KIOXIA Commences Sample Shipments of 9th Generation BiCS FLASH 512Gb TLC Devices
Enterprise & IT

KIOXIA Commences Sample Shipments of 9th Generation BiCS FLASH 512Gb TLC Devices

Synology Unveils DiskStation DS225 Plus
Enterprise & IT

Synology Unveils DiskStation DS225 Plus

New PS5 system update beta previews DualSense wireless controller pairing across multiple devices
Gaming

New PS5 system update beta previews DualSense wireless controller pairing across multiple devices

Popular Reviews

be quiet! Light Loop 360mm

be quiet! Light Loop 360mm

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

Noctua NH-D15 G2

Noctua NH-D15 G2

Soundpeats Pop Clip

Soundpeats Pop Clip

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

be quiet! Pure Base 501

be quiet! Pure Base 501

Terramaster F8-SSD

Terramaster F8-SSD

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed