Xiaomi fixes pre-installed smartphone app that put users at risk
Today almost every smartphone comes with several pre-installed apps, and you may not be able to uninstall them. While most of these apps are secure, some of them can put your privacy and security at risk. A report by Slava Makkaveev of Check Point Research, which was shared by malware researcher Lukas Stefanko on his Twitter handle, claimed that the pre-installed security app ‘Guard Provider’ on Xiaomi phones was vulnerable to a man-in-the-middle (MitM) attack when downloading an antivirus app.
This is scary, as Xiaomi is one of the top-selling smartphone brands in India and China and has an almost 8% market share in the world. The irony is that the app meant for the phone's security was exposing users to an attack, the report claimed.
Vulnerability in Xiaomi Pre-Installed Security App
Xiaomi's pre-installed security app ‘Guard Provider’ was vulnerable to MitM attack when downloading Antivirus app.
Attacker on local network could exchange downloaded APK for malware. https://t.co/W13C9SO929 pic.twitter.com/dNqeeWPWAI
— Lukas Stefanko (@LukasStefanko) April 5, 2019
"Due to the unsecured nature of the network traffic to and from Guard Provider, a threat actor could connect to the same Wi-Fi network as the victim and carry out a Man-in-the-Middle (MiTM) attack. Then, as part of a third-party SDK update, he could disable malware protections and inject any rogue code he chooses such to steal data, implant ransomware or tracking or install any other kind of malware," the report said.
Xiaomi's ‘Guard Provider’ is a pre-installed app on all mainstream Xiaomi phones. It uses third-party Software Development Kits (SDKs) to provide security services such as device protection, clearing and boosting. The app is present on smartphones sold in India as well.
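The weakness described in the report is an update fetched over unprotected traffic and accepted without an integrity check. The following is an added example, not code from Xiaomi, Check Point or the report, of the check an updater can run before installing a download; the function names, the `updates.example` URL, the size limit and the sample payloads are all assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlparse

MAX_UPDATE_BYTES = 50 * 1024 * 1024  # assumed upper bound for an update package


class UpdateRejected(Exception):
    """Raised when a downloaded update must not be installed."""


def check_update(url: str, payload: bytes, pinned_sha256: str) -> bytes:
    """Return payload only if it came over HTTPS and matches the pinned digest.

    pinned_sha256 is assumed to reach the app through an authenticated path
    (shipped inside the signed app, or in a signed manifest), never through
    the same plaintext channel as the download itself.
    """
    if urlparse(url).scheme != "https":
        raise UpdateRejected("update URL is not HTTPS: " + url)
    if len(payload) > MAX_UPDATE_BYTES:
        raise UpdateRejected("update larger than allowed")
    actual = hashlib.sha256(payload).hexdigest()
    # Constant-time comparison of the two hex digests.
    if not hmac.compare_digest(actual, pinned_sha256.lower()):
        raise UpdateRejected("digest mismatch, payload was altered in transit")
    return payload


def try_install(url: str, payload: bytes, pinned: str) -> str:
    """Hypothetical installer hook: reports the decision instead of installing."""
    try:
        check_update(url, payload, pinned)
        return "installed"
    except UpdateRejected as exc:
        return "rejected: " + str(exc)


# Constructed sample data, not real packages.
GENUINE = b"PK\x03\x04 genuine antivirus engine update"
SWAPPED = b"PK\x03\x04 package substituted on the local network"
PINNED = hashlib.sha256(GENUINE).hexdigest()

if __name__ == "__main__":
    print(try_install("https://updates.example/av.apk", GENUINE, PINNED))
    print(try_install("https://updates.example/av.apk", SWAPPED, PINNED))
    print(try_install("http://updates.example/av.apk", GENUINE, PINNED))
```

The digest check is what defeats a swapped package even if transport protection fails; the HTTPS requirement alone does not prove the file is the one the vendor published.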
No need to worry
Check Point Research further claimed to have informed Xiaomi of the vulnerability, following which the Chinese smartphone maker released an update to fix the issue. So there is no need to worry now: just install any update that your phone receives to be safe.