Millions of Xiaomi phones had a pre-installed security flaw


The Xiaomi Mix 3.

Juan Garzón / CNET

Phones from one of the largest phone manufacturers in China have a major security flaw that hackers can exploit, researchers say.

Security researchers at the firm Check Point on April 4 revealed a vulnerability in Xiaomi phones that comes from their pre-installed Guard Provider app. The app is meant to be a security feature, with three built-in antivirus programs to detect malware.

However, this security feature introduced a vulnerability, according to researcher Slava Makkaveev of Check Point.

Guard Provider gets its updates through an unsecured HTTP connection, Makkaveev said. This means that an attacker on the same Wi-Fi network would be able to insert malware into those updates. This can happen when a rogue network configured to look exactly like the one you are connected to tricks the device into connecting to the fake Wi-Fi network.

Through this vulnerability, a hacker could have interrupted the Guard Provider update process and added malware that would steal your data, install tracking apps and ransomware, Makkaveev said.

Check Point said it has already reported the flaw to Xiaomi, and that the manufacturer has already released a fix for it. Xiaomi has not responded to a request for comment.

Xiaomi phones are among the most popular in China, as the company shows off its folding phones and its high-end gaming phones. The company ranks fourth in the number of phones shipped globally, according to its earnings report in December. Xiaomi says it sold 118.7 million phones in 2018.