Millions of Xiaomi devices had a pre-installed security flaw

Smart Android And Trik-Commenting on Andorid indeed never endless, because smart devices this one is often updated every certain amount of time. So that the market can always be garapnya menerinya with pleasure. And it is not denied if this device has become the lifestyle of each society. To not wonder if the 6th business information and many are turning to mobail smartphone. With Android which thoroughly dominated the mobile industry, choosing the best Android smartphone is almost identical to choose the best smartphone, period. But while Android phones have few real opponents on other platforms, internal competition is intense.

From the sleek devices impress with the design premium, up to a full plant furniture features, to a very good device, and affordable mobile phone has a heavy weight, the Android ecosystem inhabited by a diverse range of attractive mobile phone Millions of Xiaomi devices had a pre-installed security flaw Millions of Xiaomi devices had a pre-installed security flaw,But "oversize" are subjective, and sometimes pieces of the specification and a list of features is not enough to get an idea of how good a phone. In this roundup, we look at the absolute best-the Android phone you can't go wrong with. The habits of young people or to accentuate trand blindly lifestyle, make this a medoroang this clever device industry vying to do modifications to the device, with a distinctly vitur vitur-tercanggihnya. So it can be received over the counter Millions of Xiaomi devices had a pre-installed security flaw

Even though Xiaomi's security app is meant to protect its devices and user data, researchers at security firm Check Point disclosed earlier today that the app did the opposite.

Called Guard Provider, the app uses anti-virus scanners from Avast, AVL, and Tencent to detect potential malware. With Android malware finding different ways to get onto your device, it's not surprising to learn that Xiaomi pre-installs Guard Provider on all of its phones.

However, Check Point researchers found a glaring security flaw with the app — its update mechanism.

According to Check Point researcher Slava Makkaveev, Guard Provider receives updates through an unsecured HTTP connection. That means that bad actors could abuse the Avast Update APK and insert malware through a man-in-the-middle (MITM) attack, so long as they were on the same Wi-Fi network as their potential victims.

class="shortcodes-title">Editor's Pick

15 best antivirus apps and best anti-malware apps for Android!

Antivirus Android apps remain one of the most popular types of applications on Android. Generally, you don't need an antivirus app if you play it safe, only download apps from the Play Store, and keep …

An example of a MITM attack is active eavesdropping, which involves an attacker setting up an independent connection with a victim. The victim believes they're relaying messages with a legitimate third party, with the reality being that the attacker intercepts their messages and throws in new ones.

In addition to malware, Makkaveev said that attackers can also use MITM attacks to inject ransomware or tracking apps. Attackers can even learn the file name of the update in order to make their software look as innocuous as possible.

Because Guard Provider is pre-installed on Xiaomi phones, millions of devices feature the same security flaw. The good news is that Xiaomi is aware of the issue and worked with Avast to fix it.

Android Authority reached out to Xiaomi for comment but did not receive a response by press time.

NEXT: Xiaomi promises to knock it off with at least some of the obnoxious MIUI ads

from Android Authority https://ift.tt/2FPjXo8
via IFTTT

Tweet

Subscribe to receive free email updates: