Xiaomi fixes pre-installed smartphone app that put users at risk

Xiaomi fixes pre-installed smartphone app that put users at risk
Check Point Research further claimed to have informed Xiaomi of the vulnerability, following which the Chinese smartphone maker released an update patch to fix the issue.
By ZeeBiz WebTeam
Updated: Sat, Apr 06, 2019
06:48 pm
ZeeBiz WebDesk
RELATED NEWS
Adidas India appoints Neelendra Singh as GM Adidas India appoints Neelendra Singh as GM
Redmi K20 with Snapdragon 855 chip coming on May 28 Redmi K20 with Snapdragon 855 chip coming on May 28
Confirmed! Realme X to be priced around Rs 18,000 in India, but may have different specs Confirmed! Realme X to be priced around Rs 18,000 in India, but may have different specs
Redmi Note 7S to be launched in India today: All you need to know about this 48MP camera smartphone Redmi Note 7S to be launched in India today: All you need to know about this 48MP camera smartphone
Redmi Note 7S launch tomorrow; Camera samples shared, Know what it has Redmi Note 7S launch tomorrow; Camera samples shared, Know what it has

Today almost every smartphone comes with several pre-installed apps and you may not be able to uninstall them. While most of these apps are secure, sometimes, some of them may make your privacy and security vulnerable. A report by Slava Makkaveev of Check Point Research, which was shared by malware researcher Lukas Stefanko on this Twitter handle, claimed that Xioami phones' pre-installed security app ‘Guard Provider’ was vulnerable to MitM attack when downloading Antivirus app.  

This is scary as Xioami is one of the most selling smartphones in India and China, and has an almost 8% market share in the world. The irony is that the app meant for phone's security was exposing the users to an attack, claimed the report. 

"Due to the unsecured nature of the network traffic to and from Guard Provider, a threat actor could connect to the same Wi-Fi network as the victim and carry out a Man-in-the-Middle (MiTM) attack. Then, as part of a third-party SDK update, he could disable malware protections and inject any rogue code he chooses such to steal data, implant ransomware or tracking or install any other kind of malware," the report said.

The Xiaomi ‘Guard Provider’ is a pre-installed app in all mainstream Xiaomi phones. It uses third-party Software Development Kits (SDKs) to provide security service like device protection, clearing and boosting. This is present in smartphones sold in India as well. 

Watch This Zee Business Video

No need to worry

Check Point Research further claimed to have informed Xiaomi of the vulnerability, following which the Chinese smartphone maker released an update patch to fix the issue. Thus, now you need not worry and just install any update that your phone receives to be safe.