Xiaomi fixes pre-installed smartphone app that put users at risk

Xiaomi fixes pre-installed smartphone app that put users at risk
Check Point Research further claimed to have informed Xiaomi of the vulnerability, following which the Chinese smartphone maker released an update patch to fix the issue.
Written By: ZeeBiz WebTeam
Updated: Sat, Apr 06, 2019
06:48 pm
ZeeBiz WebDesk
RELATED NEWS
Redmi Note 10 series India launch: Check first look, key specs and other details here Redmi Note 10 series India launch: Check first look, key specs and other details here
Redmi K40, Redmi K40 Pro and Redmi K40 Pro+ launched; Check Price, Specs, availability in India Redmi K40, Redmi K40 Pro and Redmi K40 Pro+ launched; Check Price, Specs, availability in India
Redmi K40 series set to launch today: Check expected price, specs and other details NOW! Redmi K40 series set to launch today: Check expected price, specs and other details NOW!
Redmi K40, Redmi K40 Pro launch today: Check timings, how to watch event live streaming Redmi K40, Redmi K40 Pro launch today: Check timings, how to watch event live streaming
Redmi 9 Power new variant launched in India; Check all details here! Redmi 9 Power new variant launched in India; Check all details here!

Today almost every smartphone comes with several pre-installed apps and you may not be able to uninstall them. While most of these apps are secure, sometimes, some of them may make your privacy and security vulnerable. A report by Slava Makkaveev of Check Point Research, which was shared by malware researcher Lukas Stefanko on this Twitter handle, claimed that Xioami phones' pre-installed security app ‘Guard Provider’ was vulnerable to MitM attack when downloading Antivirus app.  

This is scary as Xioami is one of the most selling smartphones in India and China, and has an almost 8% market share in the world. The irony is that the app meant for phone's security was exposing the users to an attack, claimed the report. 

"Due to the unsecured nature of the network traffic to and from Guard Provider, a threat actor could connect to the same Wi-Fi network as the victim and carry out a Man-in-the-Middle (MiTM) attack. Then, as part of a third-party SDK update, he could disable malware protections and inject any rogue code he chooses such to steal data, implant ransomware or tracking or install any other kind of malware," the report said.

The Xiaomi ‘Guard Provider’ is a pre-installed app in all mainstream Xiaomi phones. It uses third-party Software Development Kits (SDKs) to provide security service like device protection, clearing and boosting. This is present in smartphones sold in India as well. 

Watch This Zee Business Video

No need to worry

Check Point Research further claimed to have informed Xiaomi of the vulnerability, following which the Chinese smartphone maker released an update patch to fix the issue. Thus, now you need not worry and just install any update that your phone receives to be safe.

Get Latest Business News, Stock Market Updates and Videos; Check your tax outgo through Income Tax Calculator and save money through our Personal Finance coverage. Check Business Breaking News Live on Zee Business Twitter and Facebook. Subscribe on YouTube.