This could potentially affect millions of Xiaomi devices being used world-wide
Being among the top 5 smartphone manufacturers in the world, Xiaomi has come a long way. With millions of people using their devices, Xiaomi’s own customized MIUI runs on millions of devices. Now, it has been reported to have multiple security vulnerabilities.
Discovered by security firm eScan Antivirus, Xiaomi MIUI has been found with a number of security flaws.
Amidst all this, MIUI 9 is getting an official launch in China on 11th August 2017. Although the worldwide rollout of the international MIUI 9 version still doesn’t have a date, it is expected to be available to users by September 2017.
Being among the top 5 smartphone manufacturers in the world, Xiaomi has come a long way. With millions of people using their devices, Xiaomi’s own customized MIUI runs on millions of devices. Now, it has been reported to have multiple security vulnerabilities.
Discovered by security firm eScan Antivirus, Xiaomi MIUI has been found with a number of security flaws.
1. Payment Information Leak
The first vulnerability has to do with the Mi Mover app. The app lets you transfer your settings and other data from your smartphone to any other device. But, the app ditches Android’s Sandbox Protection, when the transfer is being done between two Xiaomi phones. The app also carries over passwords and sensitive payment data.
How will this affect You?
Since the app is no longer functioning within Android’s Sandbox Protection, all your confidential bank and payment data lies vulnerable.
2. No Password Protection
To protect the information from being transferred, the device should need a password to authenticate the use of the Mi Mover app. But the research has observed that the app does not have any sort of password protection, when data is being transferred between any Xiaomi devices.
How will this affect You?
With lack of any password protection, anyone can transfer sensitive data from an unlocked Xiaomi device.
3. Cloning of Device
As there is no protection, this becomes a very serious issue. If someone gains access to your unlocked Xiaomi device, they can easily clone your system and be able to steal app data without any hassle. At the same time, since it is functioning out of Android’s Sandbox Protection, there is no fall-back protection in Xiaomi’s MIUI itself to protect the system.
How will this affect You?
If your device is stolen, or if someone gets access to your unlocked device, even for a few minutes, they can easily move your confidential data to a cloned device.
4. No Administrator Permission Needed to Wipe off Data
Another notable security vulnerability is with the in-built device administrator apps. Generally, the security apps on any Android device require Android’s administrator permission to wipe off data from the device. In MIUI, it doesn’t require any password.
How will affect You?
If your unlocked Xiaomi device ever falls in the wrong hands, they can easily steal your data, and wipe it all off at the same time, leaving no evidence behind.
Xiaomi Denies Allegations
Xiaomi has strongly disagreed with the report, saying they have ‘taken all the possible steps to ensure our devices and services adhere to our privacy policy’. Though, Xiaomi also has urged the users to use a PIN, pattern lock or a fingerprint lock to minimize the risk of someone getting into your device.
MIUI 9 Launching in China
Amidst all this, MIUI 9 is getting an official launch in China on 11th August 2017. Although the worldwide rollout of the international MIUI 9 version still doesn’t have a date, it is expected to be available to users by September 2017.
No comments:
Post a Comment