Xiaomi’s Pre-Installed Security App Makes 150 Million Devices Vulnerable

With so many cyber attacks occurring daily, it’s only natural that the companies manufacturing the devices vulnerable to those attacks try to build in security features that make serious attacks far less likely.

Xiaomi is a major manufacturer of smartphones, and its smart devices have over one hundred and fifty million users, according to its company blog. To safeguard its user base, Xiaomi did something a little unusual: it tried to build a better security infrastructure by installing an app on all of its phones before they ship. This app is called Guard Provider, and it comes built into all Xiaomi devices for the purposes of security.

The only problem is that the security feature that is supposed to protect you from cyber attacks might end up being the very thing that causes them, at least in a way. Guard Provider has been proven to make smartphones vulnerable rather than keeping them safe.

"Briefly put, due to the unsecured nature of the network traffic to and from Guard Provider, a threat actor could connect to the same Wi-Fi network as the victim and carry out a Man-in-the-Middle (MiTM) attack," explained Slava Makkaveev, a security researcher, in a blog post on Check Point.

The main problem with Guard Provider is that it receives its updates over an unsecured connection, which means malicious actors can tamper with that connection to send all kinds of harmful bots and viruses to the device receiving the update. All a hacker needs is some kind of toolkit that allows him or her to manipulate the data being sent, and cyber attacks will ensue. It is currently unknown if Xiaomi is working on a fix for this.
