
Monday, April 8, 2019

Hackers Turning Pre-Installed Security App in Xiaomi Smartphones into Malware


Today we look at how hackers can distribute malware through the security application pre-installed on Xiaomi smartphones, leaving backdoors and exploits behind on the device. How would you feel if a security application meant to protect you was instead exposing your privacy and allowing you to get hacked, or even worse?

Researchers recently revealed that one of the most common built-in security apps suffers from a range of security issues. This security application is preinstalled on more than 150 million devices manufactured by Xiaomi, China's biggest and the world's 4th largest smartphone company, which is also known as Mi. The issues could have allowed hackers to compromise Xiaomi smartphones remotely.

Pre-Installed Security App – About the vulnerability

The vulnerability that hackers use to turn the pre-installed security app into malware lies in a security application that comes pre-installed only on Xiaomi smartphones. This pre-installed security app is ‘Guard Provider’. Also, this security application is exposed on more than 150,000 smartphones. ‘Guard Provider’ allows an attacker to target the victim’s smartphone by launching a MITM (man-in-the-middle) attack.

Even though the security application offers protection that includes third-party SDKs, an attacker can still remotely launch a man-in-the-middle attack against the Xiaomi device. In addition, this vulnerability allows the attacker to disable malware and virus protection, deploy other viruses and tracking scripts, and download or install media and other content on the victim's device.

Pre-Installed Security App in Xiaomi – Important Points

To give its users strong protection, the pre-installed security app uses the antivirus databases of three different antivirus companies in the form of SDKs (Software Development Kits): Avast, AVL, and Tencent.

According to researchers, using three different databases was not a very good idea, because the data contained in any one SDK cannot be isolated, nor mixed and used together with another SDK. Each database is designed in a different manner and order, with different specifications, so an issue in any one of the SDKs will compromise the protection provided to users.

However, the most important and least visible disadvantage of using three different SDKs in a single security application is that all the SDKs share every app permission granted by the user, and the content for which that permission is granted.

Soon after this news broke, Xiaomi worked on the issue and fixed it within a week. The company confirms that all the issues related to the security application pre-installed on Mi devices are fixed in the latest released version of its Guard Provider app.


Xiaomi Smartphones into Malware – How Does It Work?

The pre-installed security app on Xiaomi smartphones can be turned into malware, such as ransomware, because of the insecure data transfer protocol used in the ‘Guard Provider’ security application.

‘Guard Provider’ was using the unsecured HTTP protocol to download antivirus signature updates for the application. This allowed attackers to take over the victim’s device using a man-in-the-middle attack.

However, this attack is only possible when the attacker and the victim are on the same Wi-Fi network, or when one of them is sharing a hotspot and the other is connected to it.

Once this condition is satisfied, the attacker may target the victim’s device and push in malicious code, which executes on the victim's device as a security update. The update is carried out as soon as the victim's smartphone receives the malicious code, because a security application that receives updated definitions tries to apply them to the device as its first and foremost task.
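The missing checks can be sketched as follows. This is an added example, not code from Xiaomi, the SDK vendors or the researchers: it shows an update client that refuses a manifest fetched over cleartext HTTP, refuses rollbacks, and only applies a signature file whose SHA-256 matches the authenticated manifest. The manifest layout, function names, host name and sample bytes are all assumptions, and the HTTPS fetch is assumed to use normal certificate validation.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

class UpdateRejected(Exception):
    """Raised when a signature-database update must not be applied."""

def check_update(manifest_url, manifest, payload, installed_version):
    """Return the new version if the update may be applied, else raise.

    manifest: dict with 'version' (int) and 'sha256' (hex), assumed to have
    been fetched from manifest_url. payload: raw bytes of the update file.
    """
    # 1. The manifest is the trust anchor, so it must have arrived over TLS.
    if urlsplit(manifest_url).scheme.lower() != "https":
        raise UpdateRejected("manifest fetched over cleartext transport")
    # 2. Refuse replays of an older or identical definition set.
    if manifest["version"] <= installed_version:
        raise UpdateRejected("version is not newer than installed")
    # 3. Bind the payload bytes to the authenticated manifest.
    digest = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"].lower()):
        raise UpdateRejected("payload digest does not match manifest")
    return manifest["version"]

# Constructed sample data (hypothetical file contents and host name).
GENUINE = b"constructed signature database v42"
TAMPERED = GENUINE + b" plus bytes altered in transit on the shared Wi-Fi"
MANIFEST = {"version": 42, "sha256": hashlib.sha256(GENUINE).hexdigest()}
HTTPS_URL = "https://updates.example.invalid/manifest.json"
HTTP_URL = "http://updates.example.invalid/manifest.json"

def outcome(url, payload, installed=41):
    """Run the check and describe the result as a short string."""
    try:
        return "applied v%d" % check_update(url, MANIFEST, payload, installed)
    except UpdateRejected as exc:
        return "rejected: %s" % exc

if __name__ == "__main__":
    print(outcome(HTTPS_URL, GENUINE))        # normal update
    print(outcome(HTTP_URL, GENUINE))         # cleartext manifest
    print(outcome(HTTPS_URL, TAMPERED))       # payload modified in transit
    print(outcome(HTTPS_URL, GENUINE, 42))    # replay of installed version
```

A production updater would also verify a vendor signature over the manifest, so that a compromised download server alone cannot push a new database.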

Hackers Turning Pre-Installed Security App in Xiaomi Smartphones into Malware – My views

Hackers turning the pre-installed security app in Xiaomi smartphones into malware isn’t a very big deal. This vulnerability can only take place if the victim tries to connect to an unknown Wi-Fi network. Also, after getting connected, the attacker needs to pair with the device and also has to perform a Man In The Middle attack along with a Remote Code Execution (RCE) attack in order to take over the victim's device.

So, finally, I suggest that Mi users should not connect to unknown Wi-Fi networks or share their mobile hotspots with unknown people. Also, if your Xiaomi smartphone does not have the latest version of Guard Provider, make sure to update.
