On 4th of April 2019, Researchers have revealed that a security app that comes as pre-installed on over 150 million devices that are manufactured by Xiaomi (the fourth largest smartphone company in the world and the biggest in China) was suffering from the multiple issues that could have provided the remote hackers to compromise the Xiaomi smartphones.
As the CheckPoint revealed, the reported issues were spotted in one of the pre-installed apps called the Guard Provider which is a security app developed by Xiaomi that included three different antivirus packed in it permitting the users to choose between AVL, Avast and Tencent. The Guard Provider has been so designed that it can offer multiple 3rd party programs within a single app and uses several Software Development Kits (SDKs) which proves to be not a good idea by the researchers as the data of the SDK cannot be isolated and any issue in one of them could compromise the protection provided by the others.
It has been found out that prior to receiving the latest patch, the Guard provider was downloading the antivirus signature updates via an unsecured HTTP connection permitting the man in the middle attackers who are sitting on the open WiFi network to intercept the user’s device network connection and push the malicious updates. CheckPoint further stated that if the victim and the attacker connect to the same WiFi in a public place, then the hackers gets to have the access to the victim’s phone and moreover he can access the pictures, videos and other very sensitive data or even inject a malware. CheckPoint confirmed that Xiaomi has now fixed the issues in the updated version of its Guard Provider App. Therefore, the users need to keep their app up-to-date.