Israeli cyber experts identify a vulnerability in Xiaomi phones

Check Point researchers discovered the flaw in Xiaomi’s pre-installed security app “Guard Provider,” designed to protect the phone by detecting malware.

April 4, 2019 18:04

Xiaomi founder Lei Jun introduces the flagship Mi 8 during a product launch in Shenzhen, China May 31, 2018. (photo credit: BOBBY YIP/ REUTERS)

 

A vulnerability allowing hackers access to private data of Xiaomi phone users was unveiled by researchers at leading Tel Aviv-based cybersecurity company Check Point Software Technologies on Thursday.

Beijing-headquartered Xiaomi Corporation is the fourth largest mobile vendor worldwide, possessing 7.5% of the global market share. Only Samsung, Apple and Huawei boast a larger market share, according to StatCounter.

Check Point researchers discovered the flaw in Xiaomi’s pre-installed security app “Guard Provider.” The app is designed to protect the phone by detecting malware, but the flaw actually exposes the user to data theft, ransomware, tracking and malware.


The company has already disclosed the vulnerability to Xiaomi, which has since released a patch to fix the threat.


The vulnerability enabled a hacker connected to the same Wi-Fi network as the Xiaomi user to carry out a man-in-the-middle attack, whereby a hacker can track communication between a device and a server.


Once inside, via a third-party Software Development Kit update, that actor could then disable malware protections and inject rogue code to steal data, implant ransomware or tracking, or install any other kind of malware.


“It is completely understandable that users would put their trust in smartphone manufacturers’ pre-installed apps, especially when those apps claim to protect the phone itself,” said researchers at Check Point in a statement.


“This vulnerability discovered in Xiaomi’s ‘Guard Provider’, however, raises the worrying question of who is guarding the guardian. And although the guardian should not necessarily need guarding, clearly when it comes to how apps are developed, even those built in by the smartphone vendor, one cannot be too careful.”


In January, Check Point researchers also identified vulnerabilities potentially granting hackers access to personal information belonging to nearly 80 million players of popular online video game Fortnite.


The vulnerabilities, if exploited, would have enabled full access to a user’s account and their personal information, including purchasing in-game currency using their payment card details, as well as listening to in-game chatter and surrounding sounds and conversations within the user’s home or playing location.


Check Point notified Fortnite developer Epic Games of the vulnerability, which has since been fixed, but warned users to always remain vigilant when exchanging information digitally and to question the legitimacy of links to information seen on user forums and websites.
