Today almost every smartphone comes with several pre-installed apps and you may not be able to uninstall them. While most of these apps are secure, sometimes, some of them may make your privacy and security vulnerable. A report by Slava Makkaveev of Check Point Research, which was shared by malware researcher Lukas Stefanko on this Twitter handle, claimed that Xioami phones' pre-installed security app ‘Guard Provider’ was vulnerable to MitM attack when downloading Antivirus app.  

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

This is scary as Xioami is one of the most selling smartphones in India and China, and has an almost 8% market share in the world. The irony is that the app meant for phone's security was exposing the users to an attack, claimed the report. 

"Due to the unsecured nature of the network traffic to and from Guard Provider, a threat actor could connect to the same Wi-Fi network as the victim and carry out a Man-in-the-Middle (MiTM) attack. Then, as part of a third-party SDK update, he could disable malware protections and inject any rogue code he chooses such to steal data, implant ransomware or tracking or install any other kind of malware," the report said.

The Xiaomi ‘Guard Provider’ is a pre-installed app in all mainstream Xiaomi phones. It uses third-party Software Development Kits (SDKs) to provide security service like device protection, clearing and boosting. This is present in smartphones sold in India as well. 

Watch This Zee Business Video

No need to worry

Check Point Research further claimed to have informed Xiaomi of the vulnerability, following which the Chinese smartphone maker released an update patch to fix the issue. Thus, now you need not worry and just install any update that your phone receives to be safe.