Threat protection. Puts Xiaomi on smartphones with antivirus loophole for hackers
Company Check Point Software specializing in security, announced on the found vulnerabilities in the preinstalled app on the Xiaomi smartphones.
We are talking about application security Guard Provider, which is designed to protect smartphones from malicious programs. As the researchers found, to communicate with the management server, the application uses an insecure network connection.
As a result, an attacker can connect to the same Wi-Fi network as the victim. After that, it becomes possible to attack of type MiTM («man in the middle») when the hacker gets all the transmitted application data. Also the hacker can disable the protection under the guise of a third-party SDK updates and install any malware app to your smartphone — from slidelock to ransomware and the like.
App Guard Provider is installed on the smart phone manufacturer before the sale and remove it the user can. However, as soon as researchers announced Xiaomi about the found vulnerabilities, the company has released a patch.