Xiaomi Smartphones Vulnerable to Man-in-the-Middle Attacks

Xiaomi smartphones are at chance of Man-in-the-Middle (MitM) attacks thanks to a remote code execution vulnerability. Researchers discovered and reported this critical exploit to Xiaomi before this twelvemonth, which has at present patched the flaws. The vulnerability could have been exploited by attackers to proceeds consummate control of infected handsets.

IBM discovers critical bugs in Xiaomi MIUI OS

Xiaomi is world's third largest smartphone manufacturer, which managed to sell over 70 million devices terminal yr lone. Millions of these devices could be vulnerable to a severe remote lawmaking execution (RCE) flaw that grants attackers consummate control of the infected devices. This vulnerability exists in the company's implementation of the Android operating arrangement. MIUI, a custom flavor based on Android 6.0 Marshmallow, ships with Xiaomi'due south devices, and is also available to be flashed on devices sold past other vendors.

Discovered past IBM X-Force researcher David Kaplan, this flaw potentially offers attackers privileged network admission (e.g. public WiFi), using which they can install malware remotely on the affected devices. This vulnerability was present in the analytics packages that exists in various applications shipping with MIUI. All these apps in the MIUI Developer ROM version 6.one.8 are vulnerable to remote code execution via homo-in-the-middle attacks, including the built-in browser app.

These apps offer different capabilities and privileges, researchers warned. Vulnerable apps could be abused to provide ROM updates remotely, enabling apps to run with the privileges of its host app. These updates are performed over an insecure HTTP link, instead of HTTPS, making fashion for MitM attacks. "If a vulnerable application was found to be running every bit the system user, a good portion of the Android'southward user infinite would be compromised," Kaplan said.

IBM informed Xiaomi of this vulnerability in January, and the company has at present patched it. Xiaomi has started sending over-the-air updates to its devices worldwide. Users are brash to update to MIUI Global Stable version 7.2 based on Android 6.0 equally before long as it becomes bachelor to get these critical fixes.