Xiaomi Android Devices Hit by Multiple Flaws
TLDR: Multiple security flaws discovered in various Xiaomi Android apps and components, potentially leading to data theft and privacy issues. Users are advised to update devices immediately.
Oversecured, a mobile security firm, has discovered 20 security problems in various apps and parts of Xiaomi Android devices.
The problems could lead to serious issues like stealing files with system privileges and leaking private information.
A Wide Range of Apps and Components Affected
The flaws were found in many different apps and parts of the system, such as:
- Gallery
- GetApps
- Mi Video
- MIUI Bluetooth
- Phone Services
- Print Spooler
- Security
- Security Core Component
- Settings
- ShareMe
- System Tracing
- Xiaomi Cloud
Some of these parts, like Phone Services and Settings, are from the Android Open Source Project (AOSP). However, Xiaomi changed them to add more features, which led to the problems.
Serious Problems Discovered
One of the worst flaws was found in the System Tracing app. It could allow attackers to run shell commands on the device.
The Settings app also had issues that could let hackers steal files and get information about connected Bluetooth devices, Wi-Fi networks, and emergency contacts.
Another problem was found in the GetApps app. It uses a library called LiveEventBus, which has had an unfixed memory corruption bug for over a year.
The Mi Video app was also found to be sending Xiaomi account details like username and email address in a way that any other app on the device could easily get access to.
Users are Advised to Update Immediately
Oversecured reported all these problems to Xiaomi within just five days at the end of April 2023.
To stay safe from these potential threats, users should make sure they have the latest updates installed on their Xiaomi devices as soon as possible.
Don’t wait – update your phone now to protect your privacy and security.