learn to track

Xiaomi Android Devices Hit by Multiple Flaws

TLDR: Multiple security flaws discovered in various Xiaomi Android apps and components, potentially leading to data theft and privacy issues. Users are advised to update devices immediately.

Oversecured, a mobile security firm, has discovered 20 security problems in various apps and parts of Xiaomi Android devices.

The problems could lead to serious issues like stealing files with system privileges and leaking private information.

A Wide Range of Apps and Components Affected

The flaws were found in many different apps and parts of the system, such as:

  • Gallery
  • GetApps
  • Mi Video
  • MIUI Bluetooth
  • Phone Services
  • Print Spooler
  • Security
  • Security Core Component
  • Settings
  • ShareMe
  • System Tracing
  • Xiaomi Cloud

Some of these parts, like Phone Services and Settings, are from the Android Open Source Project (AOSP). However, Xiaomi changed them to add more features, which led to the problems.

Serious Problems Discovered

One of the worst flaws was found in the System Tracing app. It could allow attackers to run shell commands on the device.

The Settings app also had issues that could let hackers steal files and get information about connected Bluetooth devices, Wi-Fi networks, and emergency contacts.

Another problem was found in the GetApps app. It uses a library called LiveEventBus, which has had an unfixed memory corruption bug for over a year.

The Mi Video app was also found to be sending Xiaomi account details like username and email address in a way that any other app on the device could easily get access to.

Users are Advised to Update Immediately

Oversecured reported all these problems to Xiaomi within just five days at the end of April 2023.

To stay safe from these potential threats, users should make sure they have the latest updates installed on their Xiaomi devices as soon as possible.

Don’t wait – update your phone now to protect your privacy and security.


Add comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.