Hundreds of thousands of phones at risk. The application contains an error, which lays the red carpet to hackers.
In devices of Xiaomi is loaded by the manufacturer program Provider Guard designed to protect the OS from malicious software.
It attracted the greatest criticism of technical experts. Experts found in the “native” antivirus smartphones Xiaomi dangerous vulnerability that can cause irreparable damage to the gadget. The application combines the capabilities of three anti-viruses: Avast, AVL and Tecnet.
Problems arise due to the insecure network traffic to the application. The alleged subject of threat can connect to a Wi-Fi and make a hacker attack. Vulnerability in the cyber fraudsters are capable of making a useless protection from viruses and threat to use script designed to steal personal information. Thus, hackers can obtain credit cards, passwords and other sensitive information.
Guard Provider installs on all major models of smartphones Xiaomi, and hundreds of thousands of devices, and uses three third-party software development kit (SDK) for the protection and cleaning of mobile devices from unwanted programs.
Ironically, the app, designed for security gadgets is an excellent loophole for hackers. The main application components are arranged in such a way that an error in one automatically makes the other vulnerable. Native anti-virus is updated via an unprotected http connection.
A hacker can intercept the information they need during this process. Discovered Xiaomi Guard Provider vulnerability makes you wonder whether users fully trust the pre-installed programs.
The bug is the use of several SDK to device security in one program. Probably, soon, experts will discover even more vulnerabilities of this kind, since such structure of protection is becoming popular.
© 2019, paradox. All rights reserved.