close

News WrapGet Handpicked Stories from our editors directly to your mailbox

Xiaomi fixes pre-installed smartphone app that put users at risk

Xiaomi fixes pre-installed smartphone app that put users at risk
Check Point Research further claimed to have informed Xiaomi of the vulnerability, following which the Chinese smartphone maker released an update patch to fix the issue.
Written By: ZeeBiz WebTeam
Updated: Sat, Apr 06, 2019
06:48 pm
ZeeBiz WebDesk
RELATED NEWS
Samsung Galaxy M10s review: A major upgrade on M10 that offers decent value for money Samsung Galaxy M10s review: A major upgrade on M10 that offers decent value for money
WhatsApp is a battery killer on Android smartphones now? Users of OnePlus, Samsung, Xiaomi, others raise alarm WhatsApp is a battery killer on Android smartphones now? Users of OnePlus, Samsung, Xiaomi, others raise alarm
India smartphone market ships record 46.6 mn units in Q3 2019; Xiaomi leads India smartphone market ships record 46.6 mn units in Q3 2019; Xiaomi leads
New generation Xiaomi Cordless Vacuum Cleaner F8 Storm FX unveiled in India New generation Xiaomi Cordless Vacuum Cleaner F8 Storm FX unveiled in India
Affordable Xiaomi Mi Air Purifier 3 launched in India priced at Rs 9,999; packs HEPA filter Affordable Xiaomi Mi Air Purifier 3 launched in India priced at Rs 9,999; packs HEPA filter

Today almost every smartphone comes with several pre-installed apps and you may not be able to uninstall them. While most of these apps are secure, sometimes, some of them may make your privacy and security vulnerable. A report by Slava Makkaveev of Check Point Research, which was shared by malware researcher Lukas Stefanko on this Twitter handle, claimed that Xioami phones' pre-installed security app ‘Guard Provider’ was vulnerable to MitM attack when downloading Antivirus app.  

This is scary as Xioami is one of the most selling smartphones in India and China, and has an almost 8% market share in the world. The irony is that the app meant for phone's security was exposing the users to an attack, claimed the report. 

"Due to the unsecured nature of the network traffic to and from Guard Provider, a threat actor could connect to the same Wi-Fi network as the victim and carry out a Man-in-the-Middle (MiTM) attack. Then, as part of a third-party SDK update, he could disable malware protections and inject any rogue code he chooses such to steal data, implant ransomware or tracking or install any other kind of malware," the report said.

The Xiaomi ‘Guard Provider’ is a pre-installed app in all mainstream Xiaomi phones. It uses third-party Software Development Kits (SDKs) to provide security service like device protection, clearing and boosting. This is present in smartphones sold in India as well. 

Watch This Zee Business Video

No need to worry

Check Point Research further claimed to have informed Xiaomi of the vulnerability, following which the Chinese smartphone maker released an update patch to fix the issue. Thus, now you need not worry and just install any update that your phone receives to be safe.