What could be worse than software that is meant to protect your devices leaving backdoors open to hackers, or turning into malware itself?
Researchers revealed today that a security app pre-installed on more than 150 million devices produced by Xiaomi, China’s largest and the world’s fourth-largest smartphone company, suffered from several issues that could have allowed remote hackers to compromise Xiaomi smartphones.
According to Check Point, the reported issues resided in one of the pre-installed applications, Guard Provider, a security app developed by Xiaomi that bundles three different antivirus programs, allowing users to choose between Avast, AVL, and Tencent.
Because Guard Provider was designed to offer multiple third-party programs within a single app, it uses several software development kits (SDKs), which researchers say is not a great idea: the data of one SDK cannot be isolated from the others, so any problem in one of them could compromise the protection provided by the others.
It appears that, before receiving the latest patch, Guard Provider downloaded antivirus signature updates over an unsecured HTTP connection, allowing man-in-the-middle attackers on an open Wi-Fi network to intercept the device's network connection and push malicious updates.
“Once connected to the same Wi-Fi network as the victim, for example in public places such as restaurants, cafes or shopping centers, the attacker could access the images, videos and other sensitive data of the phone's owner, or inject malware,” Check Point told The Hacker News.
However, the actual attack scenario is not as simple as it might seem.
As explained by Check Point, researchers successfully achieved remote code execution on the target Xiaomi device after exploiting four separate problems in two different SDKs available in the app.
The attack essentially exploited the use of an unsecured HTTP connection, a path-traversal vulnerability, and the lack of digital signature verification during the download and installation of an antivirus update on the device.
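The mitigations for the three flaws named above, as an added example (not code from Guard Provider, Xiaomi or Check Point): an update installer that refuses non-HTTPS sources, authenticates the archive before opening it, and confines every archive entry to the install directory before writing anything. The function names and sample archives are hypothetical, and a SHA-256 digest assumed to arrive over a trusted channel stands in for a real digital signature check.

```python
import hashlib, hmac, io, os, zipfile
from urllib.parse import urlparse

class UpdateRejected(Exception):
    """Raised when an update fails any check; nothing is written to disk."""

def make_zip(entries):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def safe_targets(zf, dest):
    """Resolve every entry under dest; reject names that escape it."""
    root = os.path.realpath(dest)
    targets = []
    for info in zf.infolist():
        target = os.path.realpath(os.path.join(root, info.filename))
        if os.path.commonpath([root, target]) != root:
            raise UpdateRejected("path traversal in entry: " + info.filename)
        targets.append((info, target))
    return targets

def install_update(url, blob, expected_sha256, dest):
    """Check transport, then authenticity, then paths, and only then write."""
    if urlparse(url).scheme != "https":
        raise UpdateRejected("update URL is not HTTPS")
    # Stand-in for signature verification: digest obtained over a trusted channel.
    actual = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256):
        raise UpdateRejected("archive digest mismatch")
    written = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info, target in safe_targets(zf, dest):  # all entries validated first
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(target)
    return written
```

Because all entry paths are validated before the first write, an archive containing one escaping name leaves the install directory untouched.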
Check Point reported the problems to the company and confirmed that Xiaomi fixed them in the latest version of its Guard Provider app.
So, if you have a Xiaomi smartphone, make sure your security software is up to date.