A scandal has emerged in Xiaomi, the technology giant in smartphones and many technological products. It seems that the Chinese company still has shortcomings in terms of security. Unfortunately, this vulnerability may cause financial loss for some Xiaomi users.
CPR cybersecurity experts find vulnerabilities in some Xiaomi phones
Mobile payment is a very common form of payment nowadays. For convenience, we make mobile payments on a daily basis, leaving aside various uncertainties and doubts. However, cybersecurity experts from Check Point Research (CPR) found vulnerabilities in some Xiaomi phones.
Experts exploit this vulnerability in the mobile payment mechanism of devices for threat actors to sign fraudulent payments and steal users’ money. Check Point Security Researcher Slava Makkaveev made a statement on the subject. “We discovered a number of vulnerabilities that could allow forgery of payment packages or direct deactivation of the payment system from an unprivileged Android application.” said.
According to CPR’s report, the vulnerability emerged in Xiaomi’s Trusted Environment, which stores sensitive information such as passwords and security keys. According to this vulnerability, there are two ways to get users’ money. One of them is to provide malware downloads or directly examine the device itself.
The first type of attack comes from a malicious Android app that a user has installed. In this case, the app sends a fake payment package to get the keys and steal the money. The second attack method involves physically taking over the device by the attacker. If it is not physically possible to take over, it can root the device. In addition, it can lower the environment of trust. He can then use his code to create a fake payment package without the app.
After finding the flaw, Makkaveev informed Xiaomi to fix the problem. “We have disclosed our findings to Xiaomi, which is working quickly to issue a fix.” After that, Xiaomi fixed the security vulnerabilities instantly.
Do you think this vulnerability of Xiaomi has created a distrust of Xiaomi users? After this news, are you worried about buying a Xiaomi phone or what do you think if you are a Xiaomi user? Please share with us in the comments.