Israeli cyber researchers unveil Xiaomi phones' security breach

Xiaomi is the third largest player in the global mobile market and holds 8% of the global market share.

Arutz Sheva Staff

A significant security vulnerability that would allow hackers to break into any Xiaomi smartphone was discovered by Check Point Software Technologies researchers on Thursday. The vulnerability would have allowed hackers to encrypt the information on Xiaomi smartphones using rogue requests, infect them with malware that would steal phone data, or use the smartphones to track their owners.

The vulnerability was found in a security app pre-installed on all of the company's phones, "Guard Provider," which is designed to protect the device from viruses and malware. Because "Guard Provider" uses third-party software development kits (SDKs), hackers on the same wireless network as the owner of the smartphone could have installed malicious code through it, using an attack method known as Man-in-the-Middle.

For example, if an attacker chose a public place with a popular Wi-Fi network (a mall, airport, large cafe, etc.), the attacker and the victims would be using the same wireless network. The attacker could inject the code through the third-party software development kit (SDK) in the security app on the device, harming all owners of the company's smartphones using that wireless network.

Check Point researchers shared their findings with Xiaomi and the company resolved the security breach as quickly as possible. It is important to emphasize that the security update sent by the company to all smartphone owners is automatic, and following Xiaomi's resolution of the breach this attack can no longer be carried out.

"Smartphone hacks are gaining momentum but 97% of all smartphone owners fail to use security apps to secure their data," said Jonathan Simonovitz, director of smartphone research at Check Point.

"The potential danger of the hacking of smartphones is highlighted when the security vulnerability is found in pre-installed applications on the carrier's devices - especially apps designed to protect the smartphone. Security solutions for smartphones - such as SandBlast Mobile - exist today and installing them on phones will protect them from security vulnerabilities," Simonovitz concluded.