Xiaomi’s Pre-installed Security App Contains a Severe Vulnerability

A severe vulnerability has been found in Xiaomi Guard Provider, a pre-installed security app on Xiaomi smartphones intended to protect the user from malware. Xiaomi is widely described as China’s Apple and is the world’s third-largest smartphone maker. Xiaomi devices are available to US citizens via third-party vendors and have steadily grown in popularity since 2017. Guard Provider uses several third-party Software Development Kits (SDKs), which unfortunately can allow the flaws to be exploited and permit threat actors to move laterally into other SDKs. This vulnerability could allow a threat actor to carry out a Man-in-the-Middle (MiTM) attack and inject malicious code onto the device that contains ransomware or has password-stealing or tracking capabilities. The vulnerability was discovered by Check Point Research and reported to Xiaomi, which released a patch shortly thereafter. There have been no reports of exploitation at the time of this writing. These types of apps are pre-installed on the mobile device out of the box and thus cannot be deleted. The NJCCIC recommends that Xiaomi users ensure that mobile device software is up to date and all security patches have been applied.
