While Xiaomi’s security app’s main purpose is to protect the devices and the user data, recent reports have surfaced claiming that the app did the opposite to what it was meant to do.
The security app is known as the Guard Provider,and uses anti-virus scanners from not only Avast, but also from AVL and Tencent in an attempt to detect any potential malware. And since recent times have made it quite obvious that Android malware finds different ways to get onto your device, it isn’t surprising at all to learn that Xiaomi Pre-installed the guard provider on all of its phones.
However, researchers down at Check Point have found a glaring security flaw within the app – its very own update mechanism.
SlavaMakkaveev, who happens to be a researcher down at Check Point, has claimed that Guard Provider receives updates via an unsecured HTTP connection. What this means is that there is the possibility of abusing the Avast update APK along with the insertion of malware via a man-in-the-middle (MITM) attack so as long as they were on the same Wifi network as their potential victims.
Must Read: Vivo S1 available for purchase in China
A prime example of a MITM attack is actually active eavesdropping, with this involving an attacker setting up and independent connection with the victim. The victim is actually trapped as they believe they are relaying messages with a legitimate third party, when in reality, the attacker intercepts the victim’s messages and throws in new ones.
The problem doesn’t only involve malware, as Makkaveev has claimed that the attackers may also use MITM attacks to inject ransomware or tracking apps. Attackers may even learn the name of the name of the update in an attempt to make their software look as innocuous as it possibly could be.
Considering the fact that Guard Provider comes Pre-installed on Xiaomi phones, there are in reality millions of devices that feature with the same security flaw. However, there does seem to be light at the end of the tunnel, as not only has Xiaomi been made aware of the issue at hand, but the company is also actively working with Avast in order to fix it.
