8 April 2019

Check Point finds vulnerability in Xiaomi preinstalled app

An unusual vulnerability was recently discovered in Xiaomi phones by researcher Slava Makkaveev from cybersecurity vendor Check Point Software.

Check Point Research found the vulnerability in a preinstalled security app on phones from Xiaomi, which has almost 8% market share and which ranks third in the mobile phone market.

The Guard Provider (com.miui.guardprovider) app, which is meant to detect malware, could allow a cyber criminal connected to the same Wi-Fi network as the victim to carry out a man-in-the-middle (MiTM) attack. MiTM describes how malware can act as an eavesdropper, copying information as it travels between the phone and other destinations online.

The cyber criminal could also do more as part of a third-party software development kit (SDK) update, such as disabling malware protections and injecting rogue code. Such code could be used to steal data, implant ransomware or tracking software, or install any other kind of malware.

Check Point disclosed this vulnerability to Xiaomi, which released a patch shortly after.

Check Point suggests that users immediately uninstall offending apps, check permissions for each of the apps on their phones, and see which apps may be out of line and demanding too many permissions.

Be paranoid and, at the very least, install only from Google Play, the company said. As pre-installed apps often cannot be uninstalled, perhaps the minimum a user can do is to disable all forms of connectivity (LTE/3G and Wi-Fi) and permissions for such apps, and "force stop" the app from running. A more robust cybersecurity app may need to be installed as well for more comprehensive protection, Check Point added.
